2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "librpc/gen_ndr/security.h"
/*
  Lookup table tying each privilege id to two strings: the .name string used
  by sec_privilege_name() and sec_privilege_id(), and the .display_name text
  returned by sec_privilege_display_name().

  NOTE(review): the line numbers embedded in this listing skip values (for
  example 32 is followed by 37), so the struct header and some rows are not
  visible here. Confirm the full table against the original file before
  relying on it.

  NOTE(review): the names follow the Windows privilege constants. On Windows
  several of them (backup, restore, take ownership, load driver, impersonate,
  enable delegation) are high-impact grants. Which checks this codebase
  performs for each one is not visible in this file, so treat assignments of
  them as worth auditing.
*/
27 enum sec_privilege privilege;
29 const char *display_name;
30 } privilege_names[] = {
32 "SeSecurityPrivilege",
37 "Backup files and directories"},
41 "Restore files and directories"},
44 "SeSystemtimePrivilege",
45 "Set the system clock"},
48 "SeShutdownPrivilege",
49 "Shutdown the system"},
51 {SEC_PRIV_REMOTE_SHUTDOWN,
52 "SeRemoteShutdownPrivilege",
53 "Shutdown the system remotely"},
55 {SEC_PRIV_TAKE_OWNERSHIP,
56 "SeTakeOwnershipPrivilege",
57 "Take ownership of files and directories"},
63 {SEC_PRIV_SYSTEM_ENVIRONMENT,
64 "SeSystemEnvironmentPrivilege",
65 "Modify system environment"},
67 {SEC_PRIV_SYSTEM_PROFILE,
68 "SeSystemProfilePrivilege",
69 "Profile the system"},
71 {SEC_PRIV_PROFILE_SINGLE_PROCESS,
72 "SeProfileSingleProcessPrivilege",
73 "Profile one process"},
75 {SEC_PRIV_INCREASE_BASE_PRIORITY,
76 "SeIncreaseBasePriorityPrivilege",
77 "Increase base priority"},
79 {SEC_PRIV_LOAD_DRIVER,
80 "SeLoadDriverPrivilege",
83 {SEC_PRIV_CREATE_PAGEFILE,
84 "SeCreatePagefilePrivilege",
87 {SEC_PRIV_INCREASE_QUOTA,
88 "SeIncreaseQuotaPrivilege",
91 {SEC_PRIV_CHANGE_NOTIFY,
92 "SeChangeNotifyPrivilege",
93 "Register for change notify"},
99 {SEC_PRIV_MANAGE_VOLUME,
100 "SeManageVolumePrivilege",
101 "Manage system volumes"},
103 {SEC_PRIV_IMPERSONATE,
104 "SeImpersonatePrivilege",
105 "Impersonate users"},
107 {SEC_PRIV_CREATE_GLOBAL,
108 "SeCreateGlobalPrivilege",
111 {SEC_PRIV_ENABLE_DELEGATION,
112 "SeEnableDelegationPrivilege",
113 "Enable Delegation"},
/*
  The three entries below use the "...LogonRight" naming instead of
  "...Privilege", yet they share this table and the same SEC_PRIV_* id space
  as the privileges above.
*/
115 {SEC_PRIV_INTERACTIVE_LOGON,
116 "SeInteractiveLogonRight",
117 "Interactive logon"},
119 {SEC_PRIV_NETWORK_LOGON,
120 "SeNetworkLogonRight",
123 {SEC_PRIV_REMOTE_INTERACTIVE_LOGON,
124 "SeRemoteInteractiveLogonRight",
125 "Remote Interactive logon"}
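/*
  map a privilege id to the wire string constant

  Returns NULL when the id has no row in privilege_names. Callers that hand
  the result to a "%s" format (security_token_debug_privileges does) must
  handle NULL themselves.
*/
const char *sec_privilege_name(enum sec_privilege privilege)
{
	size_t i;

	for (i = 0; i < ARRAY_SIZE(privilege_names); i++) {
		if (privilege_names[i].privilege == privilege) {
			return privilege_names[i].name;
		}
	}

	/* no matching row */
	return NULL;
}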
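/*
  map a privilege id to a privilege display name. Return NULL if not found

  TODO: this should use language mappings

  The language argument is not consulted by the lookup below; every caller
  gets the single display string stored in privilege_names.
*/
const char *sec_privilege_display_name(enum sec_privilege privilege, uint16_t *language)
{
	size_t i;

	/* ids outside 1..64 have no bit in the 64-bit privilege mask */
	if (privilege < 1 || privilege > 64) {
		return NULL;
	}

	for (i = 0; i < ARRAY_SIZE(privilege_names); i++) {
		if (privilege_names[i].privilege == privilege) {
			return privilege_names[i].display_name;
		}
	}

	/* in range, but no row carries this id */
	return NULL;
}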
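/*
  map a privilege name to a privilege id. Return -1 if not found

  The comparison is case-insensitive (strcasecmp). A NULL name is reported as
  "not found" instead of being passed to strcasecmp, because the name can
  come from outside this module and strcasecmp(NULL) is undefined.
*/
enum sec_privilege sec_privilege_id(const char *name)
{
	size_t i;

	if (name == NULL) {
		return -1;
	}

	for (i = 0; i < ARRAY_SIZE(privilege_names); i++) {
		if (strcasecmp(privilege_names[i].name, name) == 0) {
			return privilege_names[i].privilege;
		}
	}

	/* unknown name: callers must test for -1 before using the id */
	return -1;
}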
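/*
  return a privilege mask given a privilege id

  Privilege id N occupies bit N-1 of the 64-bit mask. Ids outside 1..64 give
  an empty mask. The range check also keeps the shift count below 64, since
  shifting a 64-bit value by 64 or more is undefined behaviour.
*/
static uint64_t sec_privilege_mask(enum sec_privilege privilege)
{
	if (privilege < 1 || privilege > 64) {
		return 0;
	}

	return ((uint64_t)1) << (privilege - 1);
}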
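/*
  return True if a security_token has a particular privilege bit set

  Fails closed: a NULL token or an id outside 1..64 never reports a
  privilege as held.
*/
BOOL security_token_has_privilege(const struct security_token *token, enum sec_privilege privilege)
{
	if (token == NULL || privilege < 1 || privilege > 64) {
		return False;
	}

	if (token->privilege_mask & sec_privilege_mask(privilege)) {
		return True;
	}
	return False;
}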
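/*
  set a bit in the privilege mask

  An id outside 1..64 is ignored and the caller gets no indication of it, so
  callers that need to know whether a grant took effect should check the id
  first. token is dereferenced unconditionally and must not be NULL.
*/
void security_token_set_privilege(struct security_token *token, enum sec_privilege privilege)
{
	if (privilege < 1 || privilege > 64) {
		return;
	}

	token->privilege_mask |= sec_privilege_mask(privilege);
}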
222 void security_token_debug_privileges(int dbg_lev, const struct security_token *token)
224 DEBUGADD(dbg_lev, (" Privileges (0x%16llX):\n",
225 (unsigned long long) token->privilege_mask));
227 if (token->privilege_mask) {
231 for (privilege = 1; privilege <= 64; privilege++) {
232 uint64_t mask = sec_privilege_mask(privilege);
234 if (token->privilege_mask & mask) {
235 DEBUGADD(dbg_lev, (" Privilege[%3lu]: %s\n", (unsigned long)i++,
236 sec_privilege_name(privilege)));