diff options
author | Gerald Carter <jerry@samba.org> | 2005-03-10 18:50:47 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:55:57 -0500 |
commit | 66df8431ec092c4e629fc07e8e5a242ff3821b2d (patch) | |
tree | 17d58c731f37eaf257e194e38d04dbe299d29551 /source3/lib | |
parent | 3e4bc25f44c9456cab00b4919b2ead22d5ea91f7 (diff) | |
download | samba-66df8431ec092c4e629fc07e8e5a242ff3821b2d.tar.gz samba-66df8431ec092c4e629fc07e8e5a242ff3821b2d.tar.bz2 samba-66df8431ec092c4e629fc07e8e5a242ff3821b2d.zip |
r5726: merge LsaLookupPrivValue() code from trunk
(This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/privileges.c | 116 |
1 files changed, 57 insertions, 59 deletions
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 5a5afa4d72..8b5348e1f2 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -3,7 +3,7 @@ Privileges handling functions Copyright (C) Jean François Micouleau 1998-2001 Copyright (C) Simo Sorce 2002-2003 - Copyright (C) Gerald (Jerry) Carter 2004 + Copyright (C) Gerald (Jerry) Carter 2005 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -40,6 +40,43 @@ const SE_PRIV se_add_users = SE_ADD_USERS; const SE_PRIV se_disk_operators = SE_DISK_OPERATOR; const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN; +/******************************************************************** + This is a list of privileges reported by a WIndows 2000 SP4 AD DC + just for reference purposes: + + SeCreateTokenPrivilege Create a token object + SeAssignPrimaryTokenPrivilege Replace a process level token + SeLockMemoryPrivilege Lock pages in memory + SeIncreaseQuotaPrivilege Increase quotas + SeMachineAccountPrivilege Add workstations to domain + SeTcbPrivilege Act as part of the operating system + SeSecurityPrivilege Manage auditing and security log + SeTakeOwnershipPrivilege Take ownership of files or other objects + SeLoadDriverPrivilege Load and unload device drivers + SeSystemProfilePrivilege Profile system performance + SeSystemtimePrivilege Change the system time + SeProfileSingleProcessPrivilege Profile single process + SeIncreaseBasePriorityPrivilege Increase scheduling priority + SeCreatePagefilePrivilege Create a pagefile + SeCreatePermanentPrivilege Create permanent shared objects + SeBackupPrivilege Back up files and directories + SeRestorePrivilege Restore files and directories + SeShutdownPrivilege Shut down the system + SeDebugPrivilege Debug programs + SeAuditPrivilege Generate security audits + SeSystemEnvironmentPrivilege Modify firmware environment values + SeChangeNotifyPrivilege Bypass traverse checking + SeRemoteShutdownPrivilege Force shutdown from a remote system + SeUndockPrivilege Remove computer from docking station + SeSyncAgentPrivilege Synchronize directory service data + SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation + SeManageVolumePrivilege Perform volume maintenance tasks + SeImpersonatePrivilege Impersonate a client after authentication + SeCreateGlobalPrivilege Create global objects + +********************************************************************/ + + PRIVS privs[] = { #if 0 /* usrmgr will display these twice if you include them. We don't use them but we'll keep the bitmasks reserved in privileges.h anyways */ @@ -58,38 +95,6 @@ PRIVS privs[] = { {SE_END, "", ""} }; -#if 0 /* not needed currently */ -PRIVS privs[] = { - {SE_ASSIGN_PRIMARY_TOKEN, "SeAssignPrimaryTokenPrivilege", "Assign Primary Token"}, - {SE_CREATE_TOKEN, "SeCreateTokenPrivilege", "Create Token"}, - {SE_LOCK_MEMORY, "SeLockMemoryPrivilege", "Lock Memory"}, - {SE_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota"}, - {SE_UNSOLICITED_INPUT, "SeUnsolicitedInputPrivilege", "Unsolicited Input"}, - {SE_TCB, "SeTcbPrivilege", "Act as part of the operating system"}, - {SE_SECURITY, "SeSecurityPrivilege", "Security Privilege"}, - {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"}, - {SE_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"}, - {SE_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"}, - {SE_SYSTEM_TIME, "SeSystemtimePrivilege", "System Time"}, - {SE_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"}, - {SE_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"}, - {SE_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"}, - {SE_CREATE_PERMANENT, "SeCreatePermanentPrivilege", "Create Permanent"}, - {SE_BACKUP, "SeBackupPrivilege", "Backup Privilege"}, - {SE_RESTORE, "SeRestorePrivilege", "Restore Privilege"}, - {SE_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"}, - {SE_DEBUG, "SeDebugPrivilege", "Debug Privilege"}, - {SE_AUDIT, "SeAuditPrivilege", "Audit"}, - {SE_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"}, - {SE_CHANGE_NOTIFY, "SeChangeNotifyPrivilege", "Change Notify"}, - {SE_UNDOCK, "SeUndockPrivilege", "Undock"}, - {SE_SYNC_AGENT, "SeSynchronizationAgentPrivilege", "Synchronization Agent"}, - {SE_ENABLE_DELEGATION, "SeEnableDelegationPrivilege", "Enable Delegation"}, - {SE_ALL_PRIVS, "SeAllPrivileges", "All Privileges"} - {SE_END, "", ""} -}; -#endif - typedef struct priv_sid_list { SE_PRIV privilege; SID_LIST sids; @@ -177,6 +182,24 @@ static BOOL se_priv_empty( const SE_PRIV *mask ) return se_priv_equal( &p1, &se_priv_none ); } +/********************************************************************* + Lookup the SE_PRIV value for a privilege name +*********************************************************************/ + +BOOL se_priv_from_name( const char *name, SE_PRIV *mask ) +{ + int i; + + for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { + if ( strequal( privs[i].name, name ) ) { + se_priv_copy( mask, &privs[i].se_priv ); + return True; + } + } + + return False; +} + /*************************************************************************** dump an SE_PRIV structure to the log files ****************************************************************************/ @@ -369,11 +392,9 @@ LUID_ATTR get_privilege_luid( SE_PRIV *mask ) for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { - /* just use the index+1 (so its non-zero) into the - array as the lower portion of the LUID */ - if ( se_priv_equal( &privs[i].se_priv, mask ) ) { priv_luid.luid.low = GENERATE_LUID_LOW(i); + break; } } @@ -664,9 +685,6 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l { int i; - /* don't crash if the source pointer is NULL (since we don't - do priviledges now anyways) */ - if ( !old_la ) return NT_STATUS_OK; @@ -731,26 +749,6 @@ char* luid_to_privilege_name(const LUID *set) return name; } -/**************************************************************************** - Convert an LUID to a 32-bit mask -****************************************************************************/ - -SE_PRIV* luid_to_privilege_mask(const LUID *set) -{ - static SE_PRIV mask; - int max = count_all_privileges(); - - if (set->high != 0) - return NULL; - - if ( set->low > max ) - return NULL; - - se_priv_copy( &mask, &privs[set->low - 1].se_priv ); - - return &mask; -} - /******************************************************************* return the number of elements in the privlege array *******************************************************************/ |