da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Use is subject to license terms.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This module provides the interface to the built-in privilege names
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and id's. NT privileges are known on the network using strings. Each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * system assigns locally unique identifiers (LUID) for use within the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * system. Each built-in privilege also has a display-name, which is a
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * short description of the privilege. The functions here provide an
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * interface to map between LUIDs, names and display names.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Table of built-in privilege id's, names and display strings. This
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * table matches the response from an NT4.0 PDC LSARPC service.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Requests for values 0 and 1 return STATUS_NO_SUCH_PRIVILEGE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SE_UNSOLICITED_INPUT_NAME/SeUnsolicitedInputPrivilege is defined in
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * winnt.h but doesn't appear in the list reported by the NT4.0 LSA.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 2, SE_CREATE_TOKEN_NAME, "Create a token object", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 3, SE_ASSIGNPRIMARYTOKEN_NAME, "Replace a process level token", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 6, SE_MACHINE_ACCOUNT_NAME, "Add workstations to domain", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 7, SE_TCB_NAME, "Act as part of the operating system", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 8, SE_SECURITY_NAME, "Manage auditing and security log", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Take ownership of files or other objects", PF_PRESENTABLE },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 10, SE_LOAD_DRIVER_NAME, "Load and unload device drivers", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 11, SE_SYSTEM_PROFILE_NAME, "Profile system performance", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 12, SE_SYSTEMTIME_NAME, "Change the system time", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 13, SE_PROF_SINGLE_PROCESS_NAME, "Profile single process", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 14, SE_INC_BASE_PRIORITY_NAME, "Increase scheduling priority", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 15, SE_CREATE_PAGEFILE_NAME, "Create a pagefile", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 16, SE_CREATE_PERMANENT_NAME, "Create permanent shared objects", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Modify firmware environment values", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw { 23, SE_CHANGE_NOTIFY_NAME, "Bypass traverse checking", 0 },
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Force shutdown from a remote system", 0 }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smb_priv_presentable_num
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns number of presentable privileges
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smb_priv_presentable_ids
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns IDs of presentable privileges
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns 0 in case of invalid parameter and 1 on success.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (1);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smb_priv_getbyvalue
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Return the privilege info for the specified id (low part of the LUID).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns a null pointer if id is out-of-range.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smb_priv_getbyname
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Return the privilege info for the specified name. Returns a null
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * pointer if we can't find a matching name in the table.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smb_privset_size
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns the memory block size needed to keep a complete
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * set of privileges in a smb_privset_t structure.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smb_privset_validate
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Validates the given privilege set structure
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns 1 if the structure is Ok, otherwise returns 0.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (privset == 0) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw for (i = 0; i < count; i++) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (1);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smb_privset_init
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * initialize all privileges in disable state.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw for (i = 0; i < count; i++) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smb_privset_new
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Allocate memory and initialize all privileges in disable state.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns pointer to allocated space or NULL if there is not
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * enough memory.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smb_privset_copy
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Copy privleges information specified by 'src' to the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * buffer specified by dst.
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * smb_privset_merge
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * Enable the privileges that are enabled in src in dst
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smb_privset_free
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This will free the memory allocated by the 'privset'.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (1);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwstatic char *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return ("Unknown Privilege");