r4196: - added server side code for lsa_LookupPrivDisplayName
authorAndrew Tridgell <tridge@samba.org>
Tue, 14 Dec 2004 05:51:01 +0000 (05:51 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:07:25 +0000 (13:07 -0500)
- added English descriptions of privileges. We should add other
  languages in the future.

source/libcli/security/privilege.c
source/rpc_server/lsa/dcesrv_lsa.c

index 93599598dbee061194a6fd145b0c25855206c1e2..aa01dc2c65712a49b68a7913c1dbeb035b12547a 100644 (file)
 static const struct {
        enum sec_privilege privilege;
        const char *name;
+       const char *display_name;
 } privilege_names[] = {
-       {SEC_PRIV_SECURITY,                   "SeSecurityPrivilege"},
-       {SEC_PRIV_BACKUP,                     "SeBackupPrivilege"},
-       {SEC_PRIV_RESTORE,                    "SeRestorePrivilege"},
-       {SEC_PRIV_SYSTEMTIME,                 "SeSystemtimePrivilege"},
-       {SEC_PRIV_SHUTDOWN,                   "SeShutdownPrivilege"},
-       {SEC_PRIV_REMOTE_SHUTDOWN,            "SeRemoteShutdownPrivilege"},
-       {SEC_PRIV_TAKE_OWNERSHIP,             "SeTakeOwnershipPrivilege"},
-       {SEC_PRIV_DEBUG,                      "SeDebugPrivilege"},
-       {SEC_PRIV_SYSTEM_ENVIRONMENT,         "SeSystemEnvironmentPrivilege"},
-       {SEC_PRIV_SYSTEM_PROFILE,             "SeSystemProfilePrivilege"},
-       {SEC_PRIV_PROFILE_SINGLE_PROCESS,     "SeProfileSingleProcessPrivilege"},
-       {SEC_PRIV_INCREASE_BASE_PRIORITY,     "SeIncreaseBasePriorityPrivilege"},
-       {SEC_PRIV_LOAD_DRIVER,                "SeLoadDriverPrivilege"},
-       {SEC_PRIV_CREATE_PAGEFILE,            "SeCreatePagefilePrivilege"},
-       {SEC_PRIV_INCREASE_QUOTA,             "SeIncreaseQuotaPrivilege"},
-       {SEC_PRIV_CHANGE_NOTIFY,              "SeChangeNotifyPrivilege"},
-       {SEC_PRIV_UNDOCK,                     "SeUndockPrivilege"},
-       {SEC_PRIV_MANAGE_VOLUME,              "SeManageVolumePrivilege"},
-       {SEC_PRIV_IMPERSONATE,                "SeImpersonatePrivilege"},
-       {SEC_PRIV_CREATE_GLOBAL,              "SeCreateGlobalPrivilege"},
-       {SEC_PRIV_ENABLE_DELEGATION,          "SeEnableDelegationPrivilege"},
-       {SEC_PRIV_INTERACTIVE_LOGON,          "SeInteractiveLogonRight"},
-       {SEC_PRIV_NETWORK_LOGON,              "SeNetworkLogonRight"},
-       {SEC_PRIV_REMOTE_INTERACTIVE_LOGON,   "SeRemoteInteractiveLogonRight"}
+       {SEC_PRIV_SECURITY,                   
+        "SeSecurityPrivilege",
+       "System security"},
+
+       {SEC_PRIV_BACKUP,                     
+        "SeBackupPrivilege",
+        "Backup files and directories"},
+
+       {SEC_PRIV_RESTORE,                    
+        "SeRestorePrivilege",
+       "Restore files and directories"},
+
+       {SEC_PRIV_SYSTEMTIME,                 
+        "SeSystemtimePrivilege",
+       "Set the system clock"},
+
+       {SEC_PRIV_SHUTDOWN,                   
+        "SeShutdownPrivilege",
+       "Shutdown the system"},
+
+       {SEC_PRIV_REMOTE_SHUTDOWN,            
+        "SeRemoteShutdownPrivilege",
+       "Shutdown the system remotely"},
+
+       {SEC_PRIV_TAKE_OWNERSHIP,             
+        "SeTakeOwnershipPrivilege",
+       "Take ownership of files and directories"},
+
+       {SEC_PRIV_DEBUG,                      
+        "SeDebugPrivilege",
+       "Debug processes"},
+
+       {SEC_PRIV_SYSTEM_ENVIRONMENT,         
+        "SeSystemEnvironmentPrivilege",
+       "Modify system environment"},
+
+       {SEC_PRIV_SYSTEM_PROFILE,             
+        "SeSystemProfilePrivilege",
+       "Profile the system"},
+
+       {SEC_PRIV_PROFILE_SINGLE_PROCESS,     
+        "SeProfileSingleProcessPrivilege",
+       "Profile one process"},
+
+       {SEC_PRIV_INCREASE_BASE_PRIORITY,     
+        "SeIncreaseBasePriorityPrivilege",
+        "Increase base priority"},
+
+       {SEC_PRIV_LOAD_DRIVER,
+        "SeLoadDriverPrivilege",
+       "Load drivers"},
+
+       {SEC_PRIV_CREATE_PAGEFILE,            
+        "SeCreatePagefilePrivilege",
+       "Create page files"},
+
+       {SEC_PRIV_INCREASE_QUOTA,
+        "SeIncreaseQuotaPrivilege",
+       "Increase quota"},
+
+       {SEC_PRIV_CHANGE_NOTIFY,              
+        "SeChangeNotifyPrivilege",
+       "Register for change notify"},
+
+       {SEC_PRIV_UNDOCK,                     
+        "SeUndockPrivilege",
+       "Undock devices"},
+
+       {SEC_PRIV_MANAGE_VOLUME,              
+        "SeManageVolumePrivilege",
+       "Manage system volumes"},
+
+       {SEC_PRIV_IMPERSONATE,                
+        "SeImpersonatePrivilege",
+       "Impersonate users"},
+
+       {SEC_PRIV_CREATE_GLOBAL,              
+        "SeCreateGlobalPrivilege",
+       "Create global"},
+
+       {SEC_PRIV_ENABLE_DELEGATION,          
+        "SeEnableDelegationPrivilege",
+       "Enable Delegation"},
+
+       {SEC_PRIV_INTERACTIVE_LOGON,          
+        "SeInteractiveLogonRight",
+       "Interactive logon"},
+
+       {SEC_PRIV_NETWORK_LOGON,
+        "SeNetworkLogonRight",
+       "Network logon"},
+
+       {SEC_PRIV_REMOTE_INTERACTIVE_LOGON,   
+        "SeRemoteInteractiveLogonRight",
+       "Remote Interactive logon"}
 };
 
 
@@ -69,6 +141,22 @@ const char *sec_privilege_name(unsigned int privilege)
        return NULL;
 }
 
+/*
+  map a privilege id to a privilege display name. Return NULL if not found
+  
+  TODO: this should use language mappings
+*/
+const char *sec_privilege_display_name(int privilege, uint16_t *language)
+{
+       int i;
+       for (i=0;i<ARRAY_SIZE(privilege_names);i++) {
+               if (privilege_names[i].privilege == privilege) {
+                       return privilege_names[i].display_name;
+               }
+       }
+       return NULL;
+}
+
 /*
   map a privilege name to a privilege id. Return -1 if not found
 */
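Review bot: `sec_privilege_display_name` takes a `language` pointer that it never reads or writes, so the caller cannot tell that the string it received is English whatever language was requested. The TODO mentions language mappings but not this, so the header comment should say it outright, e.g. `the language argument is currently ignored; the result is always English and points into the static privilege_names table, so callers must not free or modify it`. The new function also declares `int privilege` while `sec_privilege_name` (visible in the hunk header) takes `unsigned int privilege`, and `int i` is compared with `ARRAY_SIZE(privilege_names)`, which is presumably a sizeof-based unsigned value. Matching the sibling signature and using an unsigned index would remove the mixed-sign comparisons.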
index 71978caeb4c2b5131dab7b8f9c5e9aef54d3a37a..9f708dac10e518325f355f5c7bdd18e7fe3d01ab 100644 (file)
@@ -852,17 +852,64 @@ static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
                                   TALLOC_CTX *mem_ctx,
                                   struct lsa_LookupPrivName *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h;
+       struct lsa_policy_state *state;
+       const char *privname;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       if (r->in.luid->high != 0) {
+               return NT_STATUS_NO_SUCH_PRIVILEGE;
+       }
+
+       privname = sec_privilege_name(r->in.luid->low);
+       if (privname == NULL) {
+               return NT_STATUS_NO_SUCH_PRIVILEGE;
+       }
+
+       r->out.name = talloc_p(mem_ctx, struct lsa_String);
+       if (r->out.name == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       r->out.name->string = privname;
+
+       return NT_STATUS_OK;    
 }
 
 
 /* 
   lsa_LookupPrivDisplayName
 */
-static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct lsa_LookupPrivDisplayName *r)
+static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call, 
+                                         TALLOC_CTX *mem_ctx,
+                                         struct lsa_LookupPrivDisplayName *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct dcesrv_handle *h;
+       struct lsa_policy_state *state;
+       int id;
+
+       DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+       state = h->data;
+
+       id = sec_privilege_id(r->in.name->string);
+       if (id == -1) {
+               return NT_STATUS_NO_SUCH_PRIVILEGE;
+       }
+       
+       r->out.disp_name = talloc_p(mem_ctx, struct lsa_String);
+       if (r->out.disp_name == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
+       if (r->out.disp_name->string == NULL) {
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+
+       return NT_STATUS_OK;
 }
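Review bot: In `lsa_LookupPrivDisplayName`, `r->in.name->string` is client-supplied and is passed to `sec_privilege_id` with no NULL check. `sec_privilege_id` is not shown on this page, so unless it or the unmarshalling layer guarantees a non-NULL string, a guard such as `if (r->in.name->string == NULL) return NT_STATUS_INVALID_PARAMETER;` before the lookup would keep a malformed request from reaching a string comparison with a null pointer. Separately, `state = h->data;` is assigned in both new handlers and never used; either drop the variable or add a comment such as `/* handle is pulled only to validate that it is a policy handle */`. Both handlers check the handle type but, as far as this hunk shows, not the access the handle was opened with, so a comment stating whether that is intentional would help the next reviewer.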