static bool is_any_privilege_assigned( SE_PRIV *privileges, const SE_PRIV *check ) { SE_PRIV p1, p2; if ( !privileges || !check ) return False; /* everyone has privileges if you aren't checking for any */ if ( se_priv_empty( check ) ) { DEBUG(1,("is_any_privilege_assigned: no privileges in check_mask!\n")); return True; } se_priv_copy( &p1, check ); /* invert the SE_PRIV we want to check for and remove that from the original set. If we are left with the SE_PRIV we are checking for then return True */ se_priv_invert( &p1, check ); se_priv_copy( &p2, privileges ); se_priv_remove( &p2, &p1 ); /* see if we have any bits left */ return !se_priv_empty( &p2 ); }
static void se_priv_invert( SE_PRIV *new_mask, const SE_PRIV *mask ) { SE_PRIV allprivs; se_priv_copy( &allprivs, &se_priv_all ); se_priv_remove( &allprivs, mask ); se_priv_copy( new_mask, &allprivs ); }
bool revoke_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) { SE_PRIV mask; /* if the user has no privileges, then we can't revoke any */ if ( !get_privileges( sid, &mask ) ) return True; DEBUG(10,("revoke_privilege: %s\n", sid_string_dbg(sid))); DEBUGADD( 10, ("original privilege mask:\n")); dump_se_priv( DBGC_ALL, 10, &mask ); se_priv_remove( &mask, priv_mask ); DEBUGADD( 10, ("new privilege mask:\n")); dump_se_priv( DBGC_ALL, 10, &mask ); return set_privileges( sid, &mask ); }