smb_privilege.h revision b3700b074e637f8c6991b70754c88a2cfffb246b
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _SMB_PRIVILEGE_H
#define _SMB_PRIVILEGE_H
#include <smbsrv/wintypes.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* Privileges
*
* Privileges apply to all objects and over-ride the access controls
* in an object's security descriptor in a manner specific to each
* privilege. Privileges are still not full defined. Privileges are
* defined in a set structure (LUID = Locally Unique Identifier).
*
* The default LUID, name and display names defined on NT 4.0 are:
* LUID Privilege Name Display Name
* ---- -------------- ------------
* 0:2 SeCreateTokenPrivilege Create a token object
* 0:3 SeAssignPrimaryTokenPrivilege Replace a process level token
* 0:4 SeLockMemoryPrivilege Lock pages in memory
* 0:5 SeIncreaseQuotaPrivilege Increase quotas
* 0:6 SeMachineAccountPrivilege Add workstations to domain
* 0:7 SeTcbPrivilege Act as part of the operating system
* 0:8 SeSecurityPrivilege Manage auditing and security log
* 0:9 SeTakeOwnershipPrivilege Take ownership of files or other objects
* 0:10 SeLoadDriverPrivilege Load and unload device drivers
* 0:11 SeSystemProfilePrivilege Profile system performance
* 0:12 SeSystemtimePrivilege Change the system time
* 0:13 SeProfileSingleProcessPrivilege Profile single process
* 0:14 SeIncreaseBasePriorityPrivilege Increase scheduling priority
* 0:15 SeCreatePagefilePrivilege Create a pagefile
* 0:16 SeCreatePermanentPrivilege Create permanent shared objects
* 0:17 SeBackupPrivilege Back up files and directories
* 0:18 SeRestorePrivilege Restore files and directories
* 0:19 SeShutdownPrivilege Shut down the system
* 0:20 SeDebugPrivilege Debug programs
* 0:21 SeAuditPrivilege Generate security audits
* 0:22 SeSystemEnvironmentPrivilege Modify firmware environment values
* 0:23 SeChangeNotifyPrivilege Bypass traverse checking
* 0:24 SeRemoteShutdownPrivilege Force shutdown from a remote system
*/
/*
* Privilege names
*/
#define SE_CREATE_TOKEN_NAME "SeCreateTokenPrivilege"
#define SE_ASSIGNPRIMARYTOKEN_NAME "SeAssignPrimaryTokenPrivilege"
#define SE_LOCK_MEMORY_NAME "SeLockMemoryPrivilege"
#define SE_INCREASE_QUOTA_NAME "SeIncreaseQuotaPrivilege"
#define SE_UNSOLICITED_INPUT_NAME "SeUnsolicitedInputPrivilege"
#define SE_MACHINE_ACCOUNT_NAME "SeMachineAccountPrivilege"
#define SE_TCB_NAME "SeTcbPrivilege"
#define SE_SECURITY_NAME "SeSecurityPrivilege"
#define SE_TAKE_OWNERSHIP_NAME "SeTakeOwnershipPrivilege"
#define SE_LOAD_DRIVER_NAME "SeLoadDriverPrivilege"
#define SE_SYSTEM_PROFILE_NAME "SeSystemProfilePrivilege"
#define SE_SYSTEMTIME_NAME "SeSystemtimePrivilege"
#define SE_PROF_SINGLE_PROCESS_NAME "SeProfileSingleProcessPrivilege"
#define SE_INC_BASE_PRIORITY_NAME "SeIncreaseBasePriorityPrivilege"
#define SE_CREATE_PAGEFILE_NAME "SeCreatePagefilePrivilege"
#define SE_CREATE_PERMANENT_NAME "SeCreatePermanentPrivilege"
#define SE_BACKUP_NAME "SeBackupPrivilege"
#define SE_RESTORE_NAME "SeRestorePrivilege"
#define SE_SHUTDOWN_NAME "SeShutdownPrivilege"
#define SE_DEBUG_NAME "SeDebugPrivilege"
#define SE_AUDIT_NAME "SeAuditPrivilege"
#define SE_SYSTEM_ENVIRONMENT_NAME "SeSystemEnvironmentPrivilege"
#define SE_CHANGE_NOTIFY_NAME "SeChangeNotifyPrivilege"
#define SE_REMOTE_SHUTDOWN_NAME "SeRemoteShutdownPrivilege"
#define SE_MIN_LUID 2
#define SE_CREATE_TOKEN_LUID 2
#define SE_ASSIGNPRIMARYTOKEN_LUID 3
#define SE_LOCK_MEMORY_LUID 4
#define SE_INCREASE_QUOTA_LUID 5
#define SE_MACHINE_ACCOUNT_LUID 6
#define SE_TCB_LUID 7
#define SE_SECURITY_LUID 8
#define SE_TAKE_OWNERSHIP_LUID 9
#define SE_LOAD_DRIVER_LUID 10
#define SE_SYSTEM_PROFILE_LUID 11
#define SE_SYSTEMTIME_LUID 12
#define SE_PROF_SINGLE_PROCESS_LUID 13
#define SE_INC_BASE_PRIORITY_LUID 14
#define SE_CREATE_PAGEFILE_LUID 15
#define SE_CREATE_PERMANENT_LUID 16
#define SE_BACKUP_LUID 17
#define SE_RESTORE_LUID 18
#define SE_SHUTDOWN_LUID 19
#define SE_DEBUG_LUID 20
#define SE_AUDIT_LUID 21
#define SE_SYSTEM_ENVIRONMENT_LUID 22
#define SE_CHANGE_NOTIFY_LUID 23
#define SE_REMOTE_SHUTDOWN_LUID 24
#define SE_MAX_LUID 24
/*
* Privilege attributes
*/
#define SE_PRIVILEGE_DISABLED 0x00000000
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT 0x00000001
#define SE_PRIVILEGE_ENABLED 0x00000002
#define SE_PRIVILEGE_USED_FOR_ACCESS 0x80000000
/*
* Privilege Set Control flags
*/
#define PRIVILEGE_SET_ALL_NECESSARY 1
typedef struct smb_luid {
} smb_luid_t;
typedef struct smb_luid_attrs {
typedef struct smb_privset {
/*
* These are possible value for smb_privinfo_t.flags
*
* PF_PRESENTABLE Privilege is user visible
*/
#define PF_PRESENTABLE 0x1
/*
* Structure for passing privilege name and id information around within
* the system. Note that we are only storing the low uint32_t of the LUID;
* the high part is always zero here.
*/
typedef struct smb_privinfo {
char *name;
char *display_name;
int smb_priv_presentable_num(void);
int smb_privset_size();
#ifdef __cplusplus
}
#endif
#endif /* _SMB_PRIVILEGE_H */