libmsrpc user priv access mask
Chris Nicholls
cnicholl at uoguelph.ca
Tue Aug 2 06:59:39 GMT 2005
>>
>>Do you think it would be worthwhile to use access bits for
>>the LSA functions that require user privileges
>>(LsaAddAccountRights for example)? This would entail writing
>>a function that translates between the access bits and an
>>array of string representations of the privs. I think it
>>would make developing with the library much cleaner, even
>>though there are only a small handful of functions that
>>will actually use it. But I thought I would see if there
>>are any comments before going through with it.
>>
>>
>
>Chris,
>
>First let's make sure that we are talking about the same things
>here. Are you talking about the privilege names such as
>SePrintOperatorPrivilege? Or are you talking about the
>requested access bits used in the open handle call? I'm
>assuming the former.
>
>
>
Yep, I'm talking about the privilege names, like
SePrintOperatorPrivilege. I was considering defining some bitmasks that
can be used to specify the privileges and then internally worry about
converting it to the actual strings. I just don't like the idea of
using strings to specify all the privileges, but it's probably far more
trouble than it's worth for the 2 or 3 functions it will be useful for.
(ie whatever uses cli_lsa_add_account_rights() and
cli_lsa_remove_account_rights())
Chris
More information about the samba-technical
mailing list