da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * or http://www.opensolaris.org/os/licensing.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Use is subject to license terms.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This module provides the interface to the built-in privilege names
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and id's. NT privileges are known on the network using strings. Each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * system assigns locally unique identifiers (LUID) for use within the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * system. Each built-in privilege also has a display-name, which is a
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * short description of the privilege. The functions here provide an
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * interface to map between LUIDs, names and display names.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <string.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <syslog.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/string.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/libsmb.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/smb_privilege.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/* Maps a privilege id to its network name; defined later in this file. */
static char *smb_priv_getname(uint32_t id);

/*
 * Built-in privilege table. Each entry carries an id, the privilege
 * name used on the network, a short display string and a flags word.
 * The contents match the response from an NT4.0 PDC LSARPC service.
 * Requests for values 0 and 1 return STATUS_NO_SUCH_PRIVILEGE, so
 * those two slots hold empty placeholder strings.
 *
 * SE_UNSOLICITED_INPUT_NAME/SeUnsolicitedInputPrivilege is defined in
 * winnt.h but doesn't appear in the list reported by the NT4.0 LSA.
 *
 * Invariant: the lookup routines in this file index this array directly
 * with a privilege id after checking it against SE_MIN_LUID and
 * SE_MAX_LUID. Entry N must therefore stay at index N, and SE_MAX_LUID
 * must never exceed the last index of the array.
 */
static smb_privinfo_t priv_table[] = {
	{  0, "", "", 0 },
	{  1, "", "", 0 },
	{  2, SE_CREATE_TOKEN_NAME, "Create a token object", 0 },
	{  3, SE_ASSIGNPRIMARYTOKEN_NAME, "Replace a process level token", 0 },
	{  4, SE_LOCK_MEMORY_NAME, "Lock pages in memory", 0 },
	{  5, SE_INCREASE_QUOTA_NAME, "Increase quotas", 0 },
	{  6, SE_MACHINE_ACCOUNT_NAME, "Add workstations to domain", 0 },
	{  7, SE_TCB_NAME, "Act as part of the operating system", 0 },
	{  8, SE_SECURITY_NAME, "Manage auditing and security log", 0 },
	{  9, SE_TAKE_OWNERSHIP_NAME,
	    "Take ownership of files or other objects", PF_PRESENTABLE },
	{ 10, SE_LOAD_DRIVER_NAME, "Load and unload device drivers", 0 },
	{ 11, SE_SYSTEM_PROFILE_NAME, "Profile system performance", 0 },
	{ 12, SE_SYSTEMTIME_NAME, "Change the system time", 0 },
	{ 13, SE_PROF_SINGLE_PROCESS_NAME, "Profile single process", 0 },
	{ 14, SE_INC_BASE_PRIORITY_NAME, "Increase scheduling priority", 0 },
	{ 15, SE_CREATE_PAGEFILE_NAME, "Create a pagefile", 0 },
	{ 16, SE_CREATE_PERMANENT_NAME, "Create permanent shared objects", 0 },
	{ 17, SE_BACKUP_NAME, "Back up files and directories",
	    PF_PRESENTABLE },
	{ 18, SE_RESTORE_NAME, "Restore files and directories",
	    PF_PRESENTABLE },
	{ 19, SE_SHUTDOWN_NAME, "Shut down the system", 0 },
	{ 20, SE_DEBUG_NAME, "Debug programs", 0 },
	{ 21, SE_AUDIT_NAME, "Generate security audits", 0 },
	{ 22, SE_SYSTEM_ENVIRONMENT_NAME,
	    "Modify firmware environment values", 0 },
	{ 23, SE_CHANGE_NOTIFY_NAME, "Bypass traverse checking", 0 },
	{ 24, SE_REMOTE_SHUTDOWN_NAME,
	    "Force shutdown from a remote system", 0 }
};
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_priv_presentable_num
 *
 * Walks the SE_MIN_LUID..SE_MAX_LUID slots of priv_table and returns
 * how many of them have a flags value equal to PF_PRESENTABLE.
 */
int
smb_priv_presentable_num()
{
	int total = 0;
	int idx = SE_MIN_LUID;

	while (idx <= SE_MAX_LUID) {
		if (priv_table[idx].flags == PF_PRESENTABLE)
			total++;
		idx++;
	}

	return (total);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
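/*
 * smb_priv_presentable_ids
 *
 * Stores the ids of the presentable privileges into 'ids', a caller
 * supplied array with room for 'num' entries (for example one sized
 * with smb_priv_presentable_num()).
 *
 * Returns 1 on success. Returns 0 if 'ids' is NULL, if 'num' is not
 * positive, or if 'num' is too small to hold every presentable id. In
 * the last case the first 'num' ids have been stored and nothing is
 * written past the end of the caller's array.
 */
int
smb_priv_presentable_ids(uint32_t *ids, int num)
{
	int i, j;

	if (ids == NULL || num <= 0)
		return (0);

	for (i = SE_MIN_LUID, j = 0; i <= SE_MAX_LUID; i++) {
		if (priv_table[i].flags != PF_PRESENTABLE)
			continue;

		/*
		 * 'num' is the capacity of 'ids'; refuse to store more
		 * entries than the caller said the array can hold.
		 */
		if (j >= num)
			return (0);

		ids[j++] = priv_table[i].id;
	}

	return (1);
}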
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_priv_getbyvalue
 *
 * Looks up the table entry for a privilege id (the low part of the
 * LUID). The id is used as an array index, so it is range-checked
 * against SE_MIN_LUID and SE_MAX_LUID first; an id outside that range
 * yields a null pointer.
 *
 * The returned pointer refers to the shared static table, not a copy.
 */
smb_privinfo_t *
smb_priv_getbyvalue(uint32_t id)
{
	if (id >= SE_MIN_LUID && id <= SE_MAX_LUID)
		return (&priv_table[id]);

	return (0);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_priv_getbyname
 *
 * Searches the SE_MIN_LUID..SE_MAX_LUID slots of priv_table for an
 * entry whose name matches 'name' according to smb_strcasecmp() and
 * returns the first match. Returns a null pointer when 'name' is null
 * or no entry matches.
 *
 * The returned pointer refers to the shared static table, not a copy.
 */
smb_privinfo_t *
smb_priv_getbyname(char *name)
{
	int idx;

	if (name == 0)
		return (0);

	for (idx = SE_MIN_LUID; idx <= SE_MAX_LUID; ++idx) {
		if (smb_strcasecmp(name, priv_table[idx].name, 0) == 0)
			return (&priv_table[idx]);
	}

	return (0);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_privset_size
 *
 * Returns the number of bytes needed to hold a complete privilege set
 * in a smb_privset_t: two uint32_t words plus one smb_luid_attrs_t for
 * every LUID from SE_MIN_LUID to SE_MAX_LUID.
 *
 * NOTE(review): the two uint32_t words presumably stand for the
 * priv_cnt and control members that precede the array; confirm against
 * the smb_privset_t declaration.
 */
int
smb_privset_size()
{
	int nprivs = SE_MAX_LUID - SE_MIN_LUID + 1;
	size_t header_len = 2 * sizeof (uint32_t);
	size_t array_len = nprivs * sizeof (smb_luid_attrs_t);

	return (header_len + array_len);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_privset_validate
 *
 * Checks that 'privset' has the layout smb_privset_init() produces:
 * priv_cnt equals the number of LUIDs in SE_MIN_LUID..SE_MAX_LUID, and
 * entry N has a zero LUID high part and a low part of N + SE_MIN_LUID.
 * The attrs and control values are not examined.
 *
 * Returns 1 if the structure is Ok, otherwise returns 0 (including for
 * a null pointer).
 *
 * priv_cnt is compared before any entry is read, so the entry loop
 * only runs over the expected fixed number of slots.
 */
int
smb_privset_validate(smb_privset_t *privset)
{
	int expected;
	uint32_t slot;
	smb_luid_t *luid;

	if (privset == 0)
		return (0);

	expected = SE_MAX_LUID - SE_MIN_LUID + 1;
	if (privset->priv_cnt != expected)
		return (0);

	for (slot = 0; slot < expected; slot++) {
		luid = &privset->priv[slot].luid;

		if (luid->hi_part != 0 ||
		    luid->lo_part != slot + SE_MIN_LUID)
			return (0);
	}

	return (1);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_privset_init
 *
 * Resets 'privset' to a full set with every privilege disabled:
 * control is cleared, priv_cnt is set to the number of LUIDs in
 * SE_MIN_LUID..SE_MAX_LUID, and each entry gets its LUID and attrs 0.
 * A null pointer is ignored.
 *
 * Every slot of that range is written, so the caller's buffer must
 * have room for all of them; smb_privset_new() allocates
 * smb_privset_size() bytes for this purpose.
 */
void
smb_privset_init(smb_privset_t *privset)
{
	int total;
	uint32_t slot;

	if (privset == 0)
		return;

	total = SE_MAX_LUID - SE_MIN_LUID + 1;

	privset->control = 0;
	privset->priv_cnt = total;

	slot = 0;
	while (slot < total) {
		privset->priv[slot].attrs = 0;
		privset->priv[slot].luid.lo_part = slot + SE_MIN_LUID;
		privset->priv[slot].luid.hi_part = 0;
		slot++;
	}
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_privset_new
 *
 * Allocates smb_privset_size() bytes with malloc() and initializes the
 * block with smb_privset_init(), leaving every privilege disabled.
 * Returns the new set, or NULL if the allocation fails. The caller
 * owns the result and releases it with smb_privset_free().
 */
smb_privset_t *
smb_privset_new()
{
	smb_privset_t *fresh = malloc(smb_privset_size());

	if (fresh != NULL)
		smb_privset_init(fresh);

	return (fresh);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_privset_copy
 *
 * Copies the privilege information in 'src' to the buffer 'dst'.
 * Nothing is done if either pointer is null.
 *
 * The copy length is always smb_privset_size() bytes; src->priv_cnt is
 * not consulted. Both buffers therefore have to be at least that
 * large, and because memcpy() is used they must not overlap.
 */
void
smb_privset_copy(smb_privset_t *dst, smb_privset_t *src)
{
	if (dst != 0 && src != 0)
		(void) memcpy(dst, src, smb_privset_size());
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_privset_merge
 *
 * Enables in 'dst' every privilege whose attrs value in 'src' is
 * exactly SE_PRIVILEGE_ENABLED. Entries of 'dst' are only ever turned
 * on here, never off. Nothing is done if either pointer is null.
 *
 * The scan is bounded by src->priv_cnt as stored in 'src'; this
 * function does not check that count against the size of the set.
 * NOTE(review): a 'src' that did not come from smb_privset_init()
 * should presumably pass smb_privset_validate() before being merged.
 */
void
smb_privset_merge(smb_privset_t *dst, smb_privset_t *src)
{
	int idx;

	if (dst == NULL || src == NULL)
		return;

	idx = 0;
	while (idx < src->priv_cnt) {
		if (src->priv[idx].attrs == SE_PRIVILEGE_ENABLED)
			smb_privset_enable(dst, src->priv[idx].luid.lo_part);
		idx++;
	}
}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * smb_privset_free
 *
 * Releases the memory of 'privset' by passing it to free(), so the set
 * must have been obtained from malloc(), as smb_privset_new() does.
 * The caller's own pointer is not cleared and must not be used or
 * freed again afterwards.
 */
void
smb_privset_free(smb_privset_t *privset)
{
	free(privset);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_privset_enable
 *
 * Sets attrs to SE_PRIVILEGE_ENABLED on every entry of 'privset' whose
 * LUID low part equals 'id'. An id that matches no entry leaves the
 * set unchanged, and a null 'privset' is ignored.
 *
 * The scan is bounded by privset->priv_cnt as stored in the set.
 */
void
smb_privset_enable(smb_privset_t *privset, uint32_t id)
{
	int idx;

	if (privset == NULL)
		return;

	for (idx = 0; idx < privset->priv_cnt; idx++) {
		if (privset->priv[idx].luid.lo_part != id)
			continue;

		privset->priv[idx].attrs = SE_PRIVILEGE_ENABLED;
	}
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_privset_log
 *
 * Writes a summary of 'privset' to syslog at LOG_DEBUG: first the
 * entry count together with the number of entries whose attrs value
 * is non-zero, then one line with the name of each such entry. A null
 * 'privset' is ignored.
 *
 * Names come from smb_priv_getname(), which range-checks the id, so an
 * entry with an unexpected LUID is logged as "Unknown Privilege".
 */
void
smb_privset_log(smb_privset_t *privset)
{
	int idx;
	int enabled = 0;

	if (privset == NULL)
		return;

	for (idx = 0; idx < privset->priv_cnt; ++idx)
		enabled += (privset->priv[idx].attrs != 0);

	syslog(LOG_DEBUG, " Privilege Count: %d (Enable=%d)",
	    privset->priv_cnt, enabled);

	for (idx = 0; idx < privset->priv_cnt; ++idx) {
		if (privset->priv[idx].attrs == 0)
			continue;

		syslog(LOG_DEBUG, " %s",
		    smb_priv_getname(privset->priv[idx].luid.lo_part));
	}
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
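/*
 * smb_privset_query
 *
 * Reports whether privilege 'id' is enabled in 'privset'.
 *
 * Returns 1 only when an entry whose LUID low part equals 'id' is
 * found and its attrs value is exactly SE_PRIVILEGE_ENABLED. Returns 0
 * for a null set, for an id that has no entry in the set, and for an
 * entry in any other state.
 */
int
smb_privset_query(smb_privset_t *privset, uint32_t id)
{
	int i;

	if (privset == NULL)
		return (0);

	/*
	 * Bound the scan with i < priv_cnt, as the other privset loops
	 * in this file do. Testing priv_cnt on its own never ends the
	 * loop for a non-empty set, so an id with no matching entry
	 * would be searched for past the end of priv[].
	 */
	for (i = 0; i < privset->priv_cnt; i++) {
		if (privset->priv[i].luid.lo_part == id)
			return (privset->priv[i].attrs ==
			    SE_PRIVILEGE_ENABLED);
	}

	return (0);
}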
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * smb_priv_getname
 *
 * Returns the name stored in priv_table for privilege 'id'. The id is
 * used as an array index, so it is range-checked against SE_MIN_LUID
 * and SE_MAX_LUID first; anything outside that range yields the fixed
 * string "Unknown Privilege". The result points at static storage and
 * must not be freed or modified.
 */
static char *
smb_priv_getname(uint32_t id)
{
	if (id >= SE_MIN_LUID && id <= SE_MAX_LUID)
		return (priv_table[id].name);

	return ("Unknown Privilege");
}