/*
 * Set the bit for `privilege` in the token's privilege mask.
 *
 * Only values in the range 1..64 are accepted. Anything outside that range
 * is dropped silently: the mask is left untouched and, because the function
 * returns void, the caller gets no indication that nothing was granted.
 *
 * `token` is dereferenced without a NULL check; callers must pass a valid
 * token.
 */
void security_token_set_privilege(struct security_token *token, enum sec_privilege privilege)
{
	if (privilege >= 1 && privilege <= 64) {
		token->privilege_mask |= sec_privilege_mask(privilege);
	}
}
/*
 * Report whether `token` holds `privilege`.
 *
 * Returns true only when the privilege is in the range 1..64 and its bit
 * (as computed by sec_privilege_mask()) is set in token->privilege_mask.
 * An out-of-range privilege yields false, so the check fails closed for
 * values it does not recognise.
 *
 * `token` is dereferenced without a NULL check.
 */
bool security_token_has_privilege(const struct security_token *token, enum sec_privilege privilege)
{
	uint64_t wanted;

	if (privilege >= 1 && privilege <= 64) {
		wanted = sec_privilege_mask(privilege);
		return (token->privilege_mask & wanted) != 0;
	}

	return false;
}
/*
 * Dump the privileges held by `token` to the debug log at level `dbg_lev`.
 *
 * Always emits the raw mask as a header line, then one line per privilege
 * value 1..64 whose bit is set, labelled with sec_privilege_name().
 *
 * NOTE(review): the header format "%16llX" pads with spaces rather than
 * zeros, so the value is printed with a gap after "0x"; "%016llX" was
 * probably intended. Left unchanged here to keep the log output identical.
 */
void security_token_debug_privileges(int dbg_lev, const struct security_token *token)
{
	uint_t priv;
	int shown = 0;

	DEBUGADD(dbg_lev, (" Privileges (0x%16llX):\n",
			   (unsigned long long) token->privilege_mask));

	/* Nothing further to list for an empty mask. */
	if (!token->privilege_mask) {
		return;
	}

	for (priv = 1; priv <= 64; priv++) {
		uint64_t bit = sec_privilege_mask(priv);

		if (!(token->privilege_mask & bit)) {
			continue;
		}

		/*
		 * The running index is advanced inside the DEBUGADD argument
		 * list, exactly as before; whether it advances when the
		 * message is filtered out depends on how DEBUGADD expands,
		 * which is not visible here.
		 */
		DEBUGADD(dbg_lev, (" Privilege[%3lu]: %s\n",
				   (unsigned long)shown++,
				   sec_privilege_name(priv)));
	}
}
/*
 * Convert an lsa_PrivilegeSet into a 64-bit privilege mask.
 *
 * *privilege_mask is cleared first, then the mask bit for every entry in
 * privset->set[0 .. count-1] is OR-ed in.
 *
 * Returns false as soon as an entry has a nonzero luid.high, true otherwise.
 *
 * Caveats for callers:
 *  - On a false return *privilege_mask still holds the bits accumulated from
 *    the entries processed before the invalid one; it must not be used as a
 *    valid result.
 *  - An entry for which sec_privilege_mask() returns 0 contributes nothing
 *    and is not reported as an error, so a true return does not mean every
 *    entry was recognised.
 *  - Neither pointer is NULL-checked, and privset->count is trusted to match
 *    the length of privset->set. NOTE(review): confirm the caller or the
 *    unmarshalling layer guarantees this.
 */
bool privilege_set_to_se_priv( uint64_t *privilege_mask, struct lsa_PrivilegeSet *privset )
{
	uint32_t idx = 0;

	ZERO_STRUCTP( privilege_mask );

	while (idx < privset->count) {
		uint64_t bit;

		/* Only the low 32 bits are meaningful; a nonzero high half is invalid. */
		if (privset->set[idx].luid.high != 0) {
			return false;
		}

		/* OR-ing in a zero mask is a no-op, so no separate test is needed. */
		bit = sec_privilege_mask(privset->set[idx].luid.low);
		*privilege_mask |= bit;

		idx++;
	}

	return true;
}
/*
 * Set the bit for `privilege` in the token's privilege mask.
 *
 * There is no range check in this function. It depends on
 * sec_privilege_mask() returning 0 for an invalid privilege, so that the OR
 * below leaves the mask unchanged. sec_privilege_mask() is not shown here;
 * NOTE(review): confirm it returns 0 for every value it does not recognise,
 * since any other result would grant a bit for an invalid privilege.
 *
 * `token` is dereferenced without a NULL check.
 */
void security_token_set_privilege(struct security_token *token, enum sec_privilege privilege)
{
	uint64_t bit = sec_privilege_mask(privilege);

	token->privilege_mask |= bit;
}