diff options
-rw-r--r-- | librpc/idl/security.idl | 39 | ||||
-rw-r--r-- | source3/include/privileges.h | 20 |
2 files changed, 40 insertions, 19 deletions
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index b8b35d2c2b..20cbb4189b 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -347,6 +347,45 @@ interface security SEC_PRIV_MACHINE_ACCOUNT = 25 } sec_privilege; +/* + * We will use our own bitmap here as the Samba3 privilages.tdb records these values + */ + typedef [bitmap64bit] bitmap { + SE_NETWORK_LOGON = 0x00000001, + SE_INTERACTIVE_LOGON = 0x00000002, + SE_BATCH_LOGON = 0x00000004, + SE_SERVICE_LOGON = 0x00000008, + SE_MACHINE_ACCOUNT = 0x00000010, + + /* Samba-specific privs */ + SE_PRINT_OPERATOR = 0x00000020, + SE_ADD_USERS = 0x00000040, + SE_DISK_OPERATOR = 0x00000080, + + SE_REMOTE_SHUTDOWN = 0x00000100, + SE_BACKUP = 0x00000200, + SE_RESTORE = 0x00000400, + SE_TAKE_OWNERSHIP = 0x00000800, + SE_INCREASE_QUOTA = 0x00001000, + SE_SECURITY = 0x00002000, + SE_LOAD_DRIVER = 0x00004000, + SE_SYSTEM_PROFILE = 0x00008000, + SE_SYSTEMTIME = 0x00010000, + SE_PROFILE_SINGLE_PROCESS = 0x00020000, + SE_INCREASE_BASE_PRIORITY = 0x00040000, + SE_CREATE_PAGEFILE = 0x00080000, + SE_SHUTDOWN = 0x00100000, + SE_DEBUG = 0x00200000, + SE_SYSTEM_ENVIRONMENT = 0x00400000, + SE_CHANGE_NOTIFY = 0x00800000, + SE_UNDOCK = 0x01000000, + SE_ENABLE_DELEGATION = 0x02000000, + SE_MANAGE_VOLUME = 0x04000000, + SE_IMPERSONATE = 0x08000000, + SE_CREATE_GLOBAL = 0x10000000, + /* Windows privs not in the list above */ + SE_REMOTE_INTERACTIVE_LOGON = 0x20000000 + } se_privilege; typedef [public,bitmap8bit] bitmap { SEC_ACE_FLAG_OBJECT_INHERIT = 0x01, diff --git a/source3/include/privileges.h b/source3/include/privileges.h index ba09f57fae..ab16edfa6d 100644 --- a/source3/include/privileges.h +++ b/source3/include/privileges.h @@ -26,6 +26,7 @@ #define PRIVILEGES_H #include "../librpc/gen_ndr/lsa.h" +#include "../librpc/gen_ndr/security.h" /* privilege bitmask */ @@ -38,25 +39,6 @@ typedef uint64_t SE_PRIV; #define SE_ALL_PRIVS (SE_PRIV)-1 -/* - * We will use our own set of privileges since it makes no sense - * to implement all of the Windows set when only a portion will - * be used. Use 64-bit mask to give room to grow. - */ - -#define SE_NETWORK_LOGON 0x00000001 -#define SE_INTERACTIVE_LOGON 0x00000002 -#define SE_BATCH_LOGON 0x00000004 -#define SE_SERVICE_LOGON 0x00000008 -#define SE_MACHINE_ACCOUNT 0x00000010 -#define SE_PRINT_OPERATOR 0x00000020 -#define SE_ADD_USERS 0x00000040 -#define SE_DISK_OPERATOR 0x00000080 -#define SE_REMOTE_SHUTDOWN 0x00000100 -#define SE_BACKUP 0x00000200 -#define SE_RESTORE 0x00000400 -#define SE_TAKE_OWNERSHIP 0x00000800 - /* defined in lib/privilegs_basic.c */ extern const SE_PRIV se_priv_all; |