NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids);
NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx,
struct dom_sid **sids, int *num_sids);
-bool grant_privilege(const struct dom_sid *sid, const uint64_t priv_mask);
+bool grant_privilege_set(const struct dom_sid *sid, struct lsa_PrivilegeSet *set);
bool grant_privilege_by_name(struct dom_sid *sid, const char *name);
-bool revoke_privilege(const struct dom_sid *sid, const uint64_t priv_mask);
bool revoke_all_privileges( struct dom_sid *sid );
+bool revoke_privilege_set(const struct dom_sid *sid, struct lsa_PrivilegeSet *set);
bool revoke_privilege_by_name(struct dom_sid *sid, const char *name);
NTSTATUS privilege_create_account(const struct dom_sid *sid );
NTSTATUS privilege_delete_account(const struct dom_sid *sid);
Add privilege to sid
****************************************************************************/
-bool grant_privilege(const struct dom_sid *sid, const uint64_t priv_mask)
+static bool grant_privilege_bitmap(const struct dom_sid *sid, const uint64_t priv_mask)
{
uint64_t old_mask, new_mask;
return False;
}
- return grant_privilege( sid, mask );
+ return grant_privilege_bitmap( sid, mask );
+}
+
+/***************************************************************************
+ Grant a privilege set (list of LUID values) from a sid
+****************************************************************************/
+
+bool grant_privilege_set(const struct dom_sid *sid, struct lsa_PrivilegeSet *set)
+{
+ uint64_t privilege_mask;
+ if (!privilege_set_to_se_priv(&privilege_mask, set)) {
+ return false;
+ }
+ return grant_privilege_bitmap(sid, privilege_mask);
}
/***************************************************************************
Remove privilege from sid
****************************************************************************/
-bool revoke_privilege(const struct dom_sid *sid, const uint64_t priv_mask)
+static bool revoke_privilege_bitmap(const struct dom_sid *sid, const uint64_t priv_mask)
{
uint64_t mask;
return set_privileges( sid, &mask );
}
+/***************************************************************************
+ Remove a privilege set (list of LUID values) from a sid
+****************************************************************************/
+
+bool revoke_privilege_set(const struct dom_sid *sid, struct lsa_PrivilegeSet *set)
+{
+ uint64_t privilege_mask;
+ if (!privilege_set_to_se_priv(&privilege_mask, set)) {
+ return false;
+ }
+ return revoke_privilege_bitmap(sid, privilege_mask);
+}
+
/*********************************************************************
Revoke all privileges
*********************************************************************/
bool revoke_all_privileges( struct dom_sid *sid )
{
- return revoke_privilege( sid, SE_ALL_PRIVS);
+ return revoke_privilege_bitmap( sid, SE_ALL_PRIVS);
}
/*********************************************************************
return False;
}
- return revoke_privilege(sid, mask);
+ return revoke_privilege_bitmap(sid, mask);
}
NTSTATUS privilege_create_account(const struct dom_sid *sid )
{
- return ( grant_privilege(sid, 0) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL);
+ return ( grant_privilege_bitmap(sid, 0) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL);
}
/***************************************************************************
return False;
}
- return grant_privilege( sid, mask );
+ return grant_privilege_bitmap( sid, mask );
}
struct lsa_AddPrivilegesToAccount *r)
{
struct lsa_info *info = NULL;
- uint64_t mask;
struct lsa_PrivilegeSet *set = NULL;
/* find the connection policy handle. */
}
set = r->in.privs;
- if ( !privilege_set_to_se_priv( &mask, set ) )
- return NT_STATUS_NO_SUCH_PRIVILEGE;
- if ( !grant_privilege( &info->sid, mask ) ) {
- DEBUG(3,("_lsa_AddPrivilegesToAccount: grant_privilege(%s) failed!\n",
+ if ( !grant_privilege_set( &info->sid, set ) ) {
+ DEBUG(3,("_lsa_AddPrivilegesToAccount: grant_privilege_set(%s) failed!\n",
sid_string_dbg(&info->sid) ));
- DEBUG(3,("Privilege mask: 0x%llx\n", (unsigned long long)mask));
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
struct lsa_RemovePrivilegesFromAccount *r)
{
struct lsa_info *info = NULL;
- uint64_t mask;
struct lsa_PrivilegeSet *set = NULL;
/* find the connection policy handle. */
set = r->in.privs;
- if ( !privilege_set_to_se_priv( &mask, set ) )
- return NT_STATUS_NO_SUCH_PRIVILEGE;
-
- if ( !revoke_privilege( &info->sid, mask ) ) {
+ if ( !revoke_privilege_set( &info->sid, set) ) {
DEBUG(3,("_lsa_RemovePrivilegesFromAccount: revoke_privilege(%s) failed!\n",
sid_string_dbg(&info->sid) ));
- DEBUG(3,("Privilege mask: 0x%llx\n", (unsigned long long)mask));
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
struct dom_sid sid;
enum lsa_SidType type;
const char *dom, *name;
- uint64_t mask;
int i;
if (argc < 2 || c->display_usage) {
}
for (i=1; i < argc; i++) {
- if (!se_priv_from_name(argv[i], &mask)) {
+ enum sec_privilege privilege = sec_privilege_id(argv[i]);
+ if (privilege == SEC_PRIV_INVALID) {
d_fprintf(stderr, _("%s unknown\n"), argv[i]);
return -1;
}
- if (!grant_privilege(&sid, mask)) {
+ if (!grant_privilege_by_name(&sid, argv[i])) {
d_fprintf(stderr, _("Could not grant privilege\n"));
return -1;
}
struct dom_sid sid;
enum lsa_SidType type;
const char *dom, *name;
- uint64_t mask;
int i;
if (argc < 2 || c->display_usage) {
}
for (i=1; i < argc; i++) {
-
- if (!se_priv_from_name(argv[i], &mask)) {
+ enum sec_privilege privilege = sec_privilege_id(argv[i]);
+ if (privilege == SEC_PRIV_INVALID) {
d_fprintf(stderr, _("%s unknown\n"), argv[i]);
return -1;
}
- if (!revoke_privilege(&sid, mask)) {
+ if (!revoke_privilege_by_name(&sid, name)) {
d_fprintf(stderr, _("Could not revoke privilege\n"));
return -1;
}