1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
/*
Unix SMB/CIFS implementation.
SMB parameters and setup
Copyright (C) Andrew Tridgell 1992-1997
Copyright (C) Luke Kenneth Casson Leighton 1996-1997
Copyright (C) Paul Ashton 1997
Copyright (C) Simo Sorce 2003
Copyright (C) Gerald (Jerry) Carter 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifndef PRIVILEGES_H
#define PRIVILEGES_H
/* common privilege defines */
#define SE_END { { 0x00000000, 0x00000000, 0x00000000, 0x00000000 } }
#define SE_NONE { { 0x00000000, 0x00000000, 0x00000000, 0x00000000 } }
#define SE_ALL_PRIVS { { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF } }
/*
* We will use our own set of privileges since it makes no sense
* to implement all of the Windows set when only a portion will
* be used. Use 128-bit mask to give room to grow.
*/
#define SE_NETWORK_LOGON { { 0x00000001, 0x00000000, 0x00000000, 0x00000000 } }
#define SE_INTERACTIVE_LOGON { { 0x00000002, 0x00000000, 0x00000000, 0x00000000 } }
#define SE_BATCH_LOGON { { 0x00000004, 0x00000000, 0x00000000, 0x00000000 } }
#define SE_SERVICE_LOGON { { 0x00000008, 0x00000000, 0x00000000, 0x00000000 } }
#define SE_MACHINE_ACCOUNT { { 0x00000010, 0x00000000, 0x00000000, 0x00000000 } }
#define SE_PRINT_OPERATOR { { 0x00000020, 0x00000000, 0x00000000, 0x00000000 } }
#define SE_ADD_USERS { { 0x00000040, 0x00000000, 0x00000000, 0x00000000 } }
#define SE_DISK_OPERATOR { { 0x00000080, 0x00000000, 0x00000000, 0x00000000 } }
#define SE_REMOTE_SHUTDOWN { { 0x00000100, 0x00000000, 0x00000000, 0x00000000 } }
#if 0 /* not needed currently */
#define SE_ASSIGN_PRIMARY_TOKEN
#define SE_CREATE_TOKEN
#define SE_LOCK_MEMORY
#define SE_INCREASE_QUOTA
#define SE_UNSOLICITED_INPUT
#define SE_TCB
#define SE_SECURITY
#define SE_TAKE_OWNERSHIP
#define SE_LOAD_DRIVER
#define SE_SYSTEM_PROFILE
#define SE_SYSTEM_TIME
#define SE_PROF_SINGLE_PROCESS
#define SE_INC_BASE_PRIORITY
#define SE_CREATE_PAGEFILE
#define SE_CREATE_PERMANENT
#define SE_BACKUP
#define SE_RESTORE
#define SE_SHUTDOWN
#define SE_DEBUG
#define SE_AUDIT
#define SE_SYSTEM_ENVIRONMENT
#define SE_CHANGE_NOTIFY
#define SE_REMOTE_SHUTDOWN
#define SE_UNDOCK
#define SE_SYNC_AGENT
#define SE_ENABLE_DELEGATION
#endif /* not needed currently */
/*
* These are used in Lsa replies (srv_lsa_nt.c)
*/
#define PR_NONE 0x0000
#define PR_LOG_ON_LOCALLY 0x0001
#define PR_ACCESS_FROM_NETWORK 0x0002
#define PR_LOG_ON_BATCH_JOB 0x0004
#define PR_LOG_ON_SERVICE 0x0010
#ifndef _BOOL
typedef int BOOL;
#define _BOOL /* So we don't typedef BOOL again in vfs.h */
#endif
typedef struct LUID
{
uint32 low;
uint32 high;
} LUID;
typedef struct LUID_ATTR
{
LUID luid;
uint32 attr;
} LUID_ATTR;
typedef struct privilege_set
{
TALLOC_CTX *mem_ctx;
BOOL ext_ctx;
uint32 count;
uint32 control;
LUID_ATTR *set;
} PRIVILEGE_SET;
#define SE_PRIV_MASKSIZE 4
typedef struct {
uint32 mask[SE_PRIV_MASKSIZE];
} SE_PRIV;
typedef struct _PRIVS {
SE_PRIV se_priv;
const char *name;
const char *description;
} PRIVS;
#endif /* PRIVILEGES_H */
|
