s3-privs Make privilege_enum_sids() take an LUID, not a bitmap

This moves one more privileges call away from direct bitmap manipuation.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9c60c219209af70766162941677734cae0bb89e9..a39220597edb31630ce1ac90d6f0e7331b6041f0 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -634,7 +634,7 @@ void pidfile_unlink(void);
 
 bool get_privileges_for_sids(uint64_t *privileges, struct dom_sid *slist, int scount);
 NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids);
-NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx,
+NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx,
                             struct dom_sid **sids, int *num_sids);
 bool grant_privilege(const struct dom_sid *sid, const uint64_t priv_mask);
 bool grant_privilege_by_name(struct dom_sid *sid, const char *name);

diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index 5988480cc0fe50ca7173dddf298f19d174fb84c5..436e4569321ab2300e34151bbf0a625cf7e99226 100644 (file)
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -251,7 +251,7 @@ NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids)
  Retrieve list of SIDs granted a particular privilege
 *********************************************************************/
 
-NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx,
+NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx,
                             struct dom_sid **sids, int *num_sids)
 {
        struct db_context *db = get_account_pol_db();
@@ -263,7 +263,7 @@ NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx,
 
        ZERO_STRUCT(priv);
 
-       priv.privilege = *mask;
+       priv.privilege = sec_privilege_mask(privilege);
        priv.mem_ctx = mem_ctx;
 
        db->traverse_read(db, priv_traverse_fn, &priv);

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 04e8d1970c59d56c94d4a31436c683d99dcaecd7..896ca66c6d66ee4d09872a393710acc918b13e35 100644 (file)
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -2440,7 +2440,7 @@ NTSTATUS _lsa_EnumAccountsWithUserRight(struct pipes_struct *p,
        struct dom_sid *sids = NULL;
        int num_sids = 0;
        uint32_t i;
-       uint64_t mask;
+       enum sec_privilege privilege;
 
        if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) {
                return NT_STATUS_INVALID_HANDLE;
@@ -2458,11 +2458,12 @@ NTSTATUS _lsa_EnumAccountsWithUserRight(struct pipes_struct *p,
                return NT_STATUS_NO_SUCH_PRIVILEGE;
        }
 
-       if (!se_priv_from_name(r->in.name->string, &mask)) {
+       privilege = sec_privilege_id(r->in.name->string);
+       if (privilege == SEC_PRIV_INVALID) {
                return NT_STATUS_NO_SUCH_PRIVILEGE;
        }
 
-       status = privilege_enum_sids(&mask, p->mem_ctx,
+       status = privilege_enum_sids(privilege, p->mem_ctx,
                                     &sids, &num_sids);
        if (!NT_STATUS_IS_OK(status)) {
                return status;

diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 4da712d8ccf6139564562e18a2ad547b7a0c3c2d..53e8c96f63a367a258995b0209c8ed80465ded5c 100644 (file)
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -634,7 +634,7 @@ static int net_sam_policy(struct net_context *c, int argc, const char **argv)
 static int net_sam_rights_list(struct net_context *c, int argc,
                               const char **argv)
 {
-       uint64_t mask;
+       enum sec_privilege privilege;
 
        if (argc > 1 || c->display_usage) {
                d_fprintf(stderr, "%s\n%s",
@@ -653,12 +653,14 @@ static int net_sam_rights_list(struct net_context *c, int argc,
                return 0;
        }
 
-       if (se_priv_from_name(argv[0], &mask)) {
+       privilege = sec_privilege_id(argv[0]);
+
+       if (privilege != SEC_PRIV_INVALID) {
                struct dom_sid *sids;
                int i, num_sids;
                NTSTATUS status;
 
-               status = privilege_enum_sids(&mask, talloc_tos(),
+               status = privilege_enum_sids(privilege, talloc_tos(),
                                             &sids, &num_sids);
                if (!NT_STATUS_IS_OK(status)) {
                        d_fprintf(stderr, _("Could not list rights: %s\n"),