summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-03-10 18:50:47 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:55:57 -0500
commit66df8431ec092c4e629fc07e8e5a242ff3821b2d (patch)
tree17d58c731f37eaf257e194e38d04dbe299d29551 /source3/lib
parent3e4bc25f44c9456cab00b4919b2ead22d5ea91f7 (diff)
downloadsamba-66df8431ec092c4e629fc07e8e5a242ff3821b2d.tar.gz
samba-66df8431ec092c4e629fc07e8e5a242ff3821b2d.tar.bz2
samba-66df8431ec092c4e629fc07e8e5a242ff3821b2d.zip
r5726: merge LsaLookupPrivValue() code from trunk
(This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/privileges.c116
1 files changed, 57 insertions, 59 deletions
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index 5a5afa4d72..8b5348e1f2 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -3,7 +3,7 @@
Privileges handling functions
Copyright (C) Jean François Micouleau 1998-2001
Copyright (C) Simo Sorce 2002-2003
- Copyright (C) Gerald (Jerry) Carter 2004
+ Copyright (C) Gerald (Jerry) Carter 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -40,6 +40,43 @@ const SE_PRIV se_add_users = SE_ADD_USERS;
const SE_PRIV se_disk_operators = SE_DISK_OPERATOR;
const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN;
+/********************************************************************
+ This is a list of privileges reported by a WIndows 2000 SP4 AD DC
+ just for reference purposes:
+
+ SeCreateTokenPrivilege Create a token object
+ SeAssignPrimaryTokenPrivilege Replace a process level token
+ SeLockMemoryPrivilege Lock pages in memory
+ SeIncreaseQuotaPrivilege Increase quotas
+ SeMachineAccountPrivilege Add workstations to domain
+ SeTcbPrivilege Act as part of the operating system
+ SeSecurityPrivilege Manage auditing and security log
+ SeTakeOwnershipPrivilege Take ownership of files or other objects
+ SeLoadDriverPrivilege Load and unload device drivers
+ SeSystemProfilePrivilege Profile system performance
+ SeSystemtimePrivilege Change the system time
+ SeProfileSingleProcessPrivilege Profile single process
+ SeIncreaseBasePriorityPrivilege Increase scheduling priority
+ SeCreatePagefilePrivilege Create a pagefile
+ SeCreatePermanentPrivilege Create permanent shared objects
+ SeBackupPrivilege Back up files and directories
+ SeRestorePrivilege Restore files and directories
+ SeShutdownPrivilege Shut down the system
+ SeDebugPrivilege Debug programs
+ SeAuditPrivilege Generate security audits
+ SeSystemEnvironmentPrivilege Modify firmware environment values
+ SeChangeNotifyPrivilege Bypass traverse checking
+ SeRemoteShutdownPrivilege Force shutdown from a remote system
+ SeUndockPrivilege Remove computer from docking station
+ SeSyncAgentPrivilege Synchronize directory service data
+ SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation
+ SeManageVolumePrivilege Perform volume maintenance tasks
+ SeImpersonatePrivilege Impersonate a client after authentication
+ SeCreateGlobalPrivilege Create global objects
+
+********************************************************************/
+
+
PRIVS privs[] = {
#if 0 /* usrmgr will display these twice if you include them. We don't
use them but we'll keep the bitmasks reserved in privileges.h anyways */
@@ -58,38 +95,6 @@ PRIVS privs[] = {
{SE_END, "", ""}
};
-#if 0 /* not needed currently */
-PRIVS privs[] = {
- {SE_ASSIGN_PRIMARY_TOKEN, "SeAssignPrimaryTokenPrivilege", "Assign Primary Token"},
- {SE_CREATE_TOKEN, "SeCreateTokenPrivilege", "Create Token"},
- {SE_LOCK_MEMORY, "SeLockMemoryPrivilege", "Lock Memory"},
- {SE_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota"},
- {SE_UNSOLICITED_INPUT, "SeUnsolicitedInputPrivilege", "Unsolicited Input"},
- {SE_TCB, "SeTcbPrivilege", "Act as part of the operating system"},
- {SE_SECURITY, "SeSecurityPrivilege", "Security Privilege"},
- {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"},
- {SE_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"},
- {SE_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"},
- {SE_SYSTEM_TIME, "SeSystemtimePrivilege", "System Time"},
- {SE_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"},
- {SE_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"},
- {SE_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"},
- {SE_CREATE_PERMANENT, "SeCreatePermanentPrivilege", "Create Permanent"},
- {SE_BACKUP, "SeBackupPrivilege", "Backup Privilege"},
- {SE_RESTORE, "SeRestorePrivilege", "Restore Privilege"},
- {SE_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"},
- {SE_DEBUG, "SeDebugPrivilege", "Debug Privilege"},
- {SE_AUDIT, "SeAuditPrivilege", "Audit"},
- {SE_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"},
- {SE_CHANGE_NOTIFY, "SeChangeNotifyPrivilege", "Change Notify"},
- {SE_UNDOCK, "SeUndockPrivilege", "Undock"},
- {SE_SYNC_AGENT, "SeSynchronizationAgentPrivilege", "Synchronization Agent"},
- {SE_ENABLE_DELEGATION, "SeEnableDelegationPrivilege", "Enable Delegation"},
- {SE_ALL_PRIVS, "SeAllPrivileges", "All Privileges"}
- {SE_END, "", ""}
-};
-#endif
-
typedef struct priv_sid_list {
SE_PRIV privilege;
SID_LIST sids;
@@ -177,6 +182,24 @@ static BOOL se_priv_empty( const SE_PRIV *mask )
return se_priv_equal( &p1, &se_priv_none );
}
+/*********************************************************************
+ Lookup the SE_PRIV value for a privilege name
+*********************************************************************/
+
+BOOL se_priv_from_name( const char *name, SE_PRIV *mask )
+{
+ int i;
+
+ for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) {
+ if ( strequal( privs[i].name, name ) ) {
+ se_priv_copy( mask, &privs[i].se_priv );
+ return True;
+ }
+ }
+
+ return False;
+}
+
/***************************************************************************
dump an SE_PRIV structure to the log files
****************************************************************************/
@@ -369,11 +392,9 @@ LUID_ATTR get_privilege_luid( SE_PRIV *mask )
for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) {
- /* just use the index+1 (so its non-zero) into the
- array as the lower portion of the LUID */
-
if ( se_priv_equal( &privs[i].se_priv, mask ) ) {
priv_luid.luid.low = GENERATE_LUID_LOW(i);
+ break;
}
}
@@ -664,9 +685,6 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l
{
int i;
- /* don't crash if the source pointer is NULL (since we don't
- do priviledges now anyways) */
-
if ( !old_la )
return NT_STATUS_OK;
@@ -731,26 +749,6 @@ char* luid_to_privilege_name(const LUID *set)
return name;
}
-/****************************************************************************
- Convert an LUID to a 32-bit mask
-****************************************************************************/
-
-SE_PRIV* luid_to_privilege_mask(const LUID *set)
-{
- static SE_PRIV mask;
- int max = count_all_privileges();
-
- if (set->high != 0)
- return NULL;
-
- if ( set->low > max )
- return NULL;
-
- se_priv_copy( &mask, &privs[set->low - 1].se_priv );
-
- return &mask;
-}
-
/*******************************************************************
return the number of elements in the privlege array
*******************************************************************/