summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-12-06 07:10:25 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:06:22 -0500
commit9defca2895fb94f48df00a4e388ba4f5de5d5ebc (patch)
treea230f54671a53dbbad8ce709be141a9b6c9f3f68
parenta42dba94d0d6d8203d845f771817d4e48b8c5205 (diff)
downloadsamba-9defca2895fb94f48df00a4e388ba4f5de5d5ebc.tar.gz
samba-9defca2895fb94f48df00a4e388ba4f5de5d5ebc.tar.bz2
samba-9defca2895fb94f48df00a4e388ba4f5de5d5ebc.zip
r4072: - changed the names of some of the well known sids to be more consistent
- added string constants for the important privileges. (This used to be commit d5bc706140faf2d0a917f90f87884cd097e8a48c)
-rw-r--r--source4/auth/auth_util.c6
-rw-r--r--source4/librpc/idl/security.idl53
2 files changed, 51 insertions, 8 deletions
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 1ea7da4672..503e1dee82 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -387,13 +387,13 @@ NTSTATUS create_nt_user_token(TALLOC_CTX *mem_ctx,
* don't really support) is the addition of Authenticated_Users.
*/
ptoken->user_sids[2] = dom_sid_parse_talloc(mem_ctx, SID_WORLD);
- ptoken->user_sids[3] = dom_sid_parse_talloc(mem_ctx, SID_NETWORK);
+ ptoken->user_sids[3] = dom_sid_parse_talloc(mem_ctx, SID_NT_NETWORK);
if (is_guest) {
ptoken->user_sids[4] = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN_GUESTS);
ptoken->num_sids++;
} else {
- ptoken->user_sids[4] = dom_sid_parse_talloc(mem_ctx, SID_AUTHENTICATED_USERS);
+ ptoken->user_sids[4] = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHENTICATED_USERS);
ptoken->num_sids++;
}
@@ -453,7 +453,7 @@ NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx, struct auth_serversupplied_
(*server_info)->guest = True;
- (*server_info)->user_sid = dom_sid_parse_talloc((*server_info), SID_ANONYMOUS);
+ (*server_info)->user_sid = dom_sid_parse_talloc((*server_info), SID_NT_ANONYMOUS);
(*server_info)->primary_group_sid = dom_sid_parse_talloc((*server_info), SID_BUILTIN_GUESTS);
(*server_info)->n_domain_groups = 0;
(*server_info)->domain_groups = NULL;
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index 90ae3d3028..419c199f8f 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -115,11 +115,24 @@ interface security
const string SID_CREATOR_GROUP = "S-1-3-1";
/* SECURITY_NT_AUTHORITY */
- const string SID_NT_AUTHORITY = "S-1-5";
- const string SID_NETWORK = "S-1-5-2";
- const string SID_ANONYMOUS = "S-1-5-7";
- const string SID_AUTHENTICATED_USERS = "S-1-5-11";
- const string SID_SYSTEM = "S-1-5-18";
+ const string SID_NT_AUTHORITY = "S-1-5";
+ const string SID_NT_DIALUP = "S-1-5-1";
+ const string SID_NT_NETWORK = "S-1-5-2";
+ const string SID_NT_BATCH = "S-1-5-3";
+ const string SID_NT_INTERACTIVE = "S-1-5-4";
+ const string SID_NT_SERVICE = "S-1-5-6";
+ const string SID_NT_ANONYMOUS = "S-1-5-7";
+ const string SID_NT_PROXY = "S-1-5-8";
+ const string SID_NT_ENTERPRISE_DCS = "S-1-5-9";
+ const string SID_NT_SELF = "S-1-5-10";
+ const string SID_NT_AUTHENTICATED_USERS = "S-1-5-11";
+ const string SID_NT_RESTRICTED = "S-1-5-12";
+ const string SID_NT_TERMINAL_SERVER_USERS = "S-1-5-13";
+ const string SID_NT_REMOTE_INTERACTIVE = "S-1-5-14";
+ const string SID_NT_THIS_ORGANISATION = "S-1-5-15";
+ const string SID_NT_SYSTEM = "S-1-5-18";
+ const string SID_NT_LOCAL_SERVICE = "S-1-5-19";
+ const string SID_NT_NETWORK_SERVICE = "S-1-5-20";
/* SECURITY_BUILTIN_DOMAIN_RID */
const string SID_BUILTIN = "S-1-5-32";
@@ -133,6 +146,36 @@ interface security
const string SID_BUILTIN_BACKUP_OPERATORS = "S-1-5-32-551";
const string SID_BUILTIN_REPLICATOR = "S-1-5-32-552";
+
+ /*
+ privilege names
+ */
+ const string SEC_PRIV_SECURITY = "SeSecurityPrivilege";
+ const string SEC_PRIV_BACKUP = "SeBackupPrivilege";
+ const string SEC_PRIV_RESTORE = "SeRestorePrivilege";
+ const string SEC_PRIV_SYSTEMTIME = "SeSystemtimePrivilege";
+ const string SEC_PRIV_SHUTDOWN = "SeShutdownPrivilege";
+ const string SEC_PRIV_REMOTE_SHUTDOWN = "SeRemoteShutdownPrivilege";
+ const string SEC_PRIV_TAKE_OWNERSHIP = "SeTakeOwnershipPrivilege";
+ const string SEC_PRIV_DEBUG = "SeDebugPrivilege";
+ const string SEC_PRIV_SYSTEM_ENVIRONMENT = "SeSystemEnvironmentPrivilege";
+ const string SEC_PRIV_SYSTEM_PROFILE = "SeSystemProfilePrivilege";
+ const string SEC_PRIV_PROFILE_SINGLE_PROCESS = "SeProfileSingleProcessPrivilege";
+ const string SEC_PRIV_INCREASE_BASE_PRIORITY = "SeIncreaseBasePriorityPrivilege";
+ const string SEC_PRIV_LOAD_DRIVER = "SeLoadDriverPrivilege";
+ const string SEC_PRIV_CREATE_PAGEFILE = "SeCreatePagefilePrivilege";
+ const string SEC_PRIV_INCREASE_QUOTA = "SeIncreaseQuotaPrivilege";
+ const string SEC_PRIV_CHANGE_NOTIFY = "SeChangeNotifyPrivilege";
+ const string SEC_PRIV_UNDOCK = "SeUndockPrivilege";
+ const string SEC_PRIV_MANAGE_VOLUME = "SeManageVolumePrivilege";
+ const string SEC_PRIV_IMPERSONATE = "SeImpersonatePrivilege";
+ const string SEC_PRIV_CREATE_GLOBAL = "SeCreateGlobalPrivilege";
+ const string SEC_PRIV_ENABLE_DELEGATION = "SeEnableDelegationPrivilege";
+ const string SEC_PRIV_INTERACTIVE_LOGON = "SeInteractiveLogonRight";
+ const string SEC_PRIV_NETWORK_LOGON = "SeNetworkLogonRight";
+ const string SEC_PRIV_REMOTE_INTERACTIVE_LOGON = "SeRemoteInteractiveLogonRight";
+
+
/* a domain SID. Note that unlike Samba3 this contains a pointer,
so you can't copy them using assignment */
typedef [public,noprint] struct {