privs Move privilege bitmasks to security.idl
authorAndrew Bartlett <abartlet@samba.org>
Fri, 27 Aug 2010 02:44:35 +0000 (12:44 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 9 Sep 2010 04:45:56 +0000 (14:45 +1000)
Signed-off-by: Andrew Tridgell <tridge@samba.org>
librpc/idl/security.idl
source3/include/privileges.h

index b8b35d2c2bf53879362927f74e3bff9e7c9e07d4..20cbb4189b3c6c5d30c3a2d6036ae6d999da04f7 100644 (file)
@@ -347,6 +347,45 @@ interface security
                SEC_PRIV_MACHINE_ACCOUNT           = 25
        } sec_privilege;
 
+/*
+ * We will use our own bitmap here as the Samba3 privilages.tdb records these values
+ */
+       typedef [bitmap64bit] bitmap {
+               SE_NETWORK_LOGON                = 0x00000001,
+               SE_INTERACTIVE_LOGON            = 0x00000002,
+               SE_BATCH_LOGON                  = 0x00000004,
+               SE_SERVICE_LOGON                = 0x00000008,
+               SE_MACHINE_ACCOUNT              = 0x00000010,
+
+               /* Samba-specific privs */
+               SE_PRINT_OPERATOR               = 0x00000020,
+               SE_ADD_USERS                    = 0x00000040,
+               SE_DISK_OPERATOR                = 0x00000080,
+
+               SE_REMOTE_SHUTDOWN              = 0x00000100,
+               SE_BACKUP                       = 0x00000200,
+               SE_RESTORE                      = 0x00000400,
+               SE_TAKE_OWNERSHIP               = 0x00000800,
+               SE_INCREASE_QUOTA               = 0x00001000,
+               SE_SECURITY                     = 0x00002000,
+               SE_LOAD_DRIVER                  = 0x00004000,
+               SE_SYSTEM_PROFILE               = 0x00008000,
+               SE_SYSTEMTIME                   = 0x00010000,
+               SE_PROFILE_SINGLE_PROCESS       = 0x00020000,
+               SE_INCREASE_BASE_PRIORITY       = 0x00040000,
+               SE_CREATE_PAGEFILE              = 0x00080000,
+               SE_SHUTDOWN                     = 0x00100000,
+               SE_DEBUG                        = 0x00200000,
+               SE_SYSTEM_ENVIRONMENT           = 0x00400000,
+               SE_CHANGE_NOTIFY                = 0x00800000,
+               SE_UNDOCK                       = 0x01000000,
+               SE_ENABLE_DELEGATION            = 0x02000000,
+               SE_MANAGE_VOLUME                = 0x04000000,
+               SE_IMPERSONATE                  = 0x08000000,
+               SE_CREATE_GLOBAL                = 0x10000000,
+               /* Windows privs not in the list above */
+               SE_REMOTE_INTERACTIVE_LOGON     = 0x20000000
+       } se_privilege;
 
        typedef [public,bitmap8bit] bitmap {
                SEC_ACE_FLAG_OBJECT_INHERIT             = 0x01,
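Review bot: The comment above `se_privilege` says the Samba3 privilege database records these values but leaves out the consequence: the bit positions are a persisted format, so renumbering or reusing a bit would silently change which privileges existing records grant. I would state that in the comment and fix the "privilages" spelling, for example `/* Persisted format: the Samba3 privileges tdb stores these bit values, so never renumber or reuse a bit. */`. The bitmap also defines bits from `SE_INCREASE_QUOTA` (0x00001000) up to `SE_REMOTE_INTERACTIVE_LOGON` that the `#define`s removed from source3/include/privileges.h did not have, so the move is not a pure relocation for source3. Since `SE_ALL_PRIVS` is still `(SE_PRIV)-1`, all 64 bits set, it is worth confirming that code which tests against it cannot treat the undefined upper bits as granted privileges.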
index ba09f57fae9a2d3852cc213f0c7d1c605fdbe584..ab16edfa6d70cb7e4054d6548a71558c76535807 100644 (file)
@@ -26,6 +26,7 @@
 #define PRIVILEGES_H
 
 #include "../librpc/gen_ndr/lsa.h"
+#include "../librpc/gen_ndr/security.h"
 
 /* privilege bitmask */
 
@@ -38,25 +39,6 @@ typedef uint64_t SE_PRIV;
 #define SE_ALL_PRIVS                    (SE_PRIV)-1
 
 
-/* 
- * We will use our own set of privileges since it makes no sense
- * to implement all of the Windows set when only a portion will
- * be used.  Use 64-bit mask to give room to grow.
- */
-
-#define SE_NETWORK_LOGON               0x00000001
-#define SE_INTERACTIVE_LOGON           0x00000002
-#define SE_BATCH_LOGON                 0x00000004
-#define SE_SERVICE_LOGON               0x00000008
-#define SE_MACHINE_ACCOUNT             0x00000010
-#define SE_PRINT_OPERATOR              0x00000020
-#define SE_ADD_USERS                   0x00000040
-#define SE_DISK_OPERATOR               0x00000080
-#define SE_REMOTE_SHUTDOWN             0x00000100
-#define SE_BACKUP                      0x00000200
-#define SE_RESTORE                     0x00000400
-#define SE_TAKE_OWNERSHIP              0x00000800
-
 /* defined in lib/privilegs_basic.c */
 
 extern const SE_PRIV se_priv_all;