Unix SMB/CIFS implementation.
Copyright (C) Andrew Tridgell 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
#include "librpc/gen_ndr/security.h"
#include "libcli/security/security.h"
enum sec_privilege privilege;
const char *display_name;
} privilege_names[] = {
"SeSecurityPrivilege",
"Backup files and directories"},
"Restore files and directories"},
"SeSystemtimePrivilege",
"Set the system clock"},
"SeShutdownPrivilege",
"Shutdown the system"},
{SEC_PRIV_REMOTE_SHUTDOWN,
"SeRemoteShutdownPrivilege",
"Shutdown the system remotely"},
{SEC_PRIV_TAKE_OWNERSHIP,
"SeTakeOwnershipPrivilege",
"Take ownership of files and directories"},
{SEC_PRIV_SYSTEM_ENVIRONMENT,
"SeSystemEnvironmentPrivilege",
"Modify system environment"},
{SEC_PRIV_SYSTEM_PROFILE,
"SeSystemProfilePrivilege",
"Profile the system"},
{SEC_PRIV_PROFILE_SINGLE_PROCESS,
"SeProfileSingleProcessPrivilege",
"Profile one process"},
{SEC_PRIV_INCREASE_BASE_PRIORITY,
"SeIncreaseBasePriorityPrivilege",
"Increase base priority"},
{SEC_PRIV_LOAD_DRIVER,
"SeLoadDriverPrivilege",
{SEC_PRIV_CREATE_PAGEFILE,
"SeCreatePagefilePrivilege",
{SEC_PRIV_INCREASE_QUOTA,
"SeIncreaseQuotaPrivilege",
{SEC_PRIV_CHANGE_NOTIFY,
"SeChangeNotifyPrivilege",
"Register for change notify"},
{SEC_PRIV_MANAGE_VOLUME,
"SeManageVolumePrivilege",
"Manage system volumes"},
{SEC_PRIV_IMPERSONATE,
"SeImpersonatePrivilege",
"Impersonate users"},
{SEC_PRIV_CREATE_GLOBAL,
"SeCreateGlobalPrivilege",
{SEC_PRIV_ENABLE_DELEGATION,
"SeEnableDelegationPrivilege",
"Enable Delegation"},
{SEC_PRIV_INTERACTIVE_LOGON,
"SeInteractiveLogonRight",
"Interactive logon"},
{SEC_PRIV_NETWORK_LOGON,
"SeNetworkLogonRight",
{SEC_PRIV_REMOTE_INTERACTIVE_LOGON,
"SeRemoteInteractiveLogonRight",
"Remote Interactive logon"},
{SEC_PRIV_MACHINE_ACCOUNT,
"SeMachineAccountPrivilege",
"Add workstations to domain"}
/*
  Map a privilege id to its wire string constant, i.e. the "Se..." name
  stored alongside that id in privilege_names[].

  Unlike sec_privilege_display_name(), the visible code applies no 1..64
  range check here; the id is simply looked up in the table.

  NOTE(review): the fall-through return is not visible in this listing.
  NULL is assumed for an id with no table entry, so callers should check
  the result before formatting or comparing it.
*/
const char *sec_privilege_name(enum sec_privilege privilege)
{
	size_t idx = 0;

	while (idx < ARRAY_SIZE(privilege_names)) {
		if (privilege == privilege_names[idx].privilege) {
			return privilege_names[idx].name;
		}
		idx++;
	}
	return NULL;
}
/*
  Map a privilege id to its human-readable display name. Returns NULL if
  the id is outside 1..64 or has no entry in privilege_names[].

  The language argument is not consulted by the visible code.
  TODO: this should use language mappings

  NOTE(review): the statement inside the range check is not visible in
  this listing; returning NULL is assumed from the documented contract.
*/
const char *sec_privilege_display_name(enum sec_privilege privilege, uint16_t *language)
{
	size_t idx;

	/* ids outside the 64-bit mask range cannot name a privilege */
	if (!(privilege >= 1 && privilege <= 64)) {
		return NULL;
	}
	for (idx = 0; idx < ARRAY_SIZE(privilege_names); idx++) {
		if (privilege_names[idx].privilege != privilege) {
			continue;
		}
		return privilege_names[idx].display_name;
	}
	return NULL;
}
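/*
  Map a privilege name to a privilege id. Returns -1 if not found.

  The comparison is case-insensitive (strcasecmp). A NULL name is treated
  as "not found" instead of being handed to strcasecmp, which would
  dereference it.

  Callers must test for -1 before using the result: it is a sentinel, not
  a privilege id. The mask and token helpers in this file range-check ids
  against 1..64 before shifting, which also rejects the sentinel.
*/
enum sec_privilege sec_privilege_id(const char *name)
{
	size_t i;

	if (name == NULL) {
		return -1;
	}
	for (i = 0; i < ARRAY_SIZE(privilege_names); i++) {
		if (strcasecmp(privilege_names[i].name, name) == 0) {
			return privilege_names[i].privilege;
		}
	}
	return -1;
}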
/*
  Return the 64-bit mask that has only the bit for the given privilege id
  set: the id is shifted in at position (privilege - 1).

  The range check has to come before the shift: shifting a 64-bit value by
  a negative count, or by 64 or more, is undefined behaviour in C.

  NOTE(review): the initial mask value and the out-of-range return are not
  visible in this listing; 1 and 0 are assumed.
*/
static uint64_t sec_privilege_mask(enum sec_privilege privilege)
{
	if (!(privilege >= 1 && privilege <= 64)) {
		return 0;
	}
	return (uint64_t)1 << (privilege - 1);
}
/*
  Return true if a security_token has a particular privilege bit set.

  Ids outside 1..64 are rejected before any mask is built. No NULL check
  on token is visible, so the caller must pass a valid token.

  NOTE(review): the statement inside the range check is not visible in
  this listing; returning false is assumed.
*/
bool security_token_has_privilege(const struct security_token *token, enum sec_privilege privilege)
{
	if (!(privilege >= 1 && privilege <= 64)) {
		return false;
	}
	return (token->privilege_mask & sec_privilege_mask(privilege)) != 0;
}
/*
  Set the bit for a privilege id in the token's privilege mask.

  Ids outside 1..64 leave the token unchanged, so an unchecked "not found"
  result from a name lookup cannot grant a privilege here. No NULL check
  on token is visible, so the caller must pass a valid token.
*/
void security_token_set_privilege(struct security_token *token, enum sec_privilege privilege)
{
	if (privilege >= 1 && privilege <= 64) {
		token->privilege_mask |= sec_privilege_mask(privilege);
	}
}
void security_token_debug_privileges(int dbg_lev, const struct security_token *token)
DEBUGADD(dbg_lev, (" Privileges (0x%16llX):\n",
(unsigned long long) token->privilege_mask));
if (token->privilege_mask) {
for (privilege = 1; privilege <= 64; privilege++) {
uint64_t mask = sec_privilege_mask(privilege);
if (token->privilege_mask & mask) {
DEBUGADD(dbg_lev, (" Privilege[%3lu]: %s\n", (unsigned long)i++,
sec_privilege_name(privilege)));