/*
   Unix SMB/CIFS implementation.

   Copyright (C) Andrew Tridgell 2004

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
23 #include "librpc/gen_ndr/security.h"
24 #include "libcli/security/security.h"
28 enum sec_privilege privilege
;
30 const char *display_name
;
31 } privilege_names
[] = {
33 "SeSecurityPrivilege",
38 "Backup files and directories"},
42 "Restore files and directories"},
45 "SeSystemtimePrivilege",
46 "Set the system clock"},
49 "SeShutdownPrivilege",
50 "Shutdown the system"},
52 {SEC_PRIV_REMOTE_SHUTDOWN
,
53 "SeRemoteShutdownPrivilege",
54 "Shutdown the system remotely"},
56 {SEC_PRIV_TAKE_OWNERSHIP
,
57 "SeTakeOwnershipPrivilege",
58 "Take ownership of files and directories"},
64 {SEC_PRIV_SYSTEM_ENVIRONMENT
,
65 "SeSystemEnvironmentPrivilege",
66 "Modify system environment"},
68 {SEC_PRIV_SYSTEM_PROFILE
,
69 "SeSystemProfilePrivilege",
70 "Profile the system"},
72 {SEC_PRIV_PROFILE_SINGLE_PROCESS
,
73 "SeProfileSingleProcessPrivilege",
74 "Profile one process"},
76 {SEC_PRIV_INCREASE_BASE_PRIORITY
,
77 "SeIncreaseBasePriorityPrivilege",
78 "Increase base priority"},
80 {SEC_PRIV_LOAD_DRIVER
,
81 "SeLoadDriverPrivilege",
84 {SEC_PRIV_CREATE_PAGEFILE
,
85 "SeCreatePagefilePrivilege",
88 {SEC_PRIV_INCREASE_QUOTA
,
89 "SeIncreaseQuotaPrivilege",
92 {SEC_PRIV_CHANGE_NOTIFY
,
93 "SeChangeNotifyPrivilege",
94 "Register for change notify"},
100 {SEC_PRIV_MANAGE_VOLUME
,
101 "SeManageVolumePrivilege",
102 "Manage system volumes"},
104 {SEC_PRIV_IMPERSONATE
,
105 "SeImpersonatePrivilege",
106 "Impersonate users"},
108 {SEC_PRIV_CREATE_GLOBAL
,
109 "SeCreateGlobalPrivilege",
112 {SEC_PRIV_ENABLE_DELEGATION
,
113 "SeEnableDelegationPrivilege",
114 "Enable Delegation"},
116 {SEC_PRIV_INTERACTIVE_LOGON
,
117 "SeInteractiveLogonRight",
118 "Interactive logon"},
120 {SEC_PRIV_NETWORK_LOGON
,
121 "SeNetworkLogonRight",
124 {SEC_PRIV_REMOTE_INTERACTIVE_LOGON
,
125 "SeRemoteInteractiveLogonRight",
126 "Remote Interactive logon"},
128 {SEC_PRIV_MACHINE_ACCOUNT
,
129 "SeMachineAccountPrivilege",
130 "Add workstations to domain"}
/*
  Map a privilege id to the wire string constant.

  Walks privilege_names from the first row and returns the name of the
  first row whose id equals the requested one. When no row matches the
  result is NULL, so a caller that formats the result (for example with
  "%s") has to handle NULL itself.
*/
const char *sec_privilege_name(enum sec_privilege privilege)
{
	size_t idx = 0;

	while (idx < ARRAY_SIZE(privilege_names)) {
		if (privilege == privilege_names[idx].privilege) {
			return privilege_names[idx].name;
		}
		idx++;
	}

	return NULL;
}
/*
  Map a privilege id to a privilege display name. Return NULL if not found.

  Ids outside 1..64 are rejected before the table is consulted. The
  language argument is accepted but not read by this implementation.

  TODO: this should use language mappings
*/
const char *sec_privilege_display_name(enum sec_privilege privilege, uint16_t *language)
{
	size_t idx;

	/* only ids that fit the 64-bit privilege mask are looked up */
	if (!(privilege >= 1 && privilege <= 64)) {
		return NULL;
	}

	idx = 0;
	while (idx < ARRAY_SIZE(privilege_names)) {
		if (privilege == privilege_names[idx].privilege) {
			return privilege_names[idx].display_name;
		}
		idx++;
	}

	return NULL;
}
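/*
  Map a privilege name to a privilege id. Return -1 if not found.

  The comparison against the table's wire names is case-insensitive
  (strcasecmp). A NULL name is treated as "not found" rather than being
  handed to strcasecmp, which would be undefined behaviour.

  The -1 result is not a valid id: callers must test for it before
  treating the return value as a privilege.
*/
enum sec_privilege sec_privilege_id(const char *name)
{
	size_t i;

	/* strcasecmp() must not be called with a NULL argument */
	if (name == NULL) {
		return -1;
	}

	for (i = 0; i < ARRAY_SIZE(privilege_names); i++) {
		if (strcasecmp(privilege_names[i].name, name) == 0) {
			return privilege_names[i].privilege;
		}
	}

	return -1;
}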
/*
  Return a privilege mask given a privilege id.

  Id N (1..64) maps to bit N-1 of the 64-bit mask. Any other id yields
  0, i.e. a mask with no bit set.
*/
static uint64_t sec_privilege_mask(enum sec_privilege privilege)
{
	/*
	 * The range test also keeps the shift count inside 0..63; a shift
	 * by 64 or more on a 64-bit value would be undefined.
	 */
	if (privilege >= 1 && privilege <= 64) {
		return ((uint64_t)1) << (privilege - 1);
	}

	return 0;
}
/*
  Return true if a security_token has a particular privilege bit set.

  An id outside 1..64 is never reported as held. The token pointer is
  dereferenced without a NULL check.
*/
bool security_token_has_privilege(const struct security_token *token, enum sec_privilege privilege)
{
	if (!(privilege >= 1 && privilege <= 64)) {
		return false;
	}

	return (token->privilege_mask & sec_privilege_mask(privilege)) != 0;
}
/*
  Set a bit in the privilege mask.

  An id outside 1..64 leaves the token untouched. Nothing is returned,
  so the caller cannot tell from this call whether a privilege was
  granted or the id was ignored.
*/
void security_token_set_privilege(struct security_token *token, enum sec_privilege privilege)
{
	if (privilege >= 1 && privilege <= 64) {
		token->privilege_mask |= sec_privilege_mask(privilege);
	}
}
227 void security_token_debug_privileges(int dbg_lev
, const struct security_token
*token
)
229 DEBUGADD(dbg_lev
, (" Privileges (0x%16llX):\n",
230 (unsigned long long) token
->privilege_mask
));
232 if (token
->privilege_mask
) {
236 for (privilege
= 1; privilege
<= 64; privilege
++) {
237 uint64_t mask
= sec_privilege_mask(privilege
);
239 if (token
->privilege_mask
& mask
) {
240 DEBUGADD(dbg_lev
, (" Privilege[%3lu]: %s\n", (unsigned long)i
++,
241 sec_privilege_name(privilege
)));