2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "librpc/gen_ndr/ndr_security.h"
28 enum sec_privilege privilege;
30 const char *display_name;
31 } privilege_names[] = {
33 "SeSecurityPrivilege",
38 "Backup files and directories"},
42 "Restore files and directories"},
45 "SeSystemtimePrivilege",
46 "Set the system clock"},
49 "SeShutdownPrivilege",
50 "Shutdown the system"},
52 {SEC_PRIV_REMOTE_SHUTDOWN,
53 "SeRemoteShutdownPrivilege",
54 "Shutdown the system remotely"},
56 {SEC_PRIV_TAKE_OWNERSHIP,
57 "SeTakeOwnershipPrivilege",
58 "Take ownership of files and directories"},
64 {SEC_PRIV_SYSTEM_ENVIRONMENT,
65 "SeSystemEnvironmentPrivilege",
66 "Modify system environment"},
68 {SEC_PRIV_SYSTEM_PROFILE,
69 "SeSystemProfilePrivilege",
70 "Profile the system"},
72 {SEC_PRIV_PROFILE_SINGLE_PROCESS,
73 "SeProfileSingleProcessPrivilege",
74 "Profile one process"},
76 {SEC_PRIV_INCREASE_BASE_PRIORITY,
77 "SeIncreaseBasePriorityPrivilege",
78 "Increase base priority"},
80 {SEC_PRIV_LOAD_DRIVER,
81 "SeLoadDriverPrivilege",
84 {SEC_PRIV_CREATE_PAGEFILE,
85 "SeCreatePagefilePrivilege",
88 {SEC_PRIV_INCREASE_QUOTA,
89 "SeIncreaseQuotaPrivilege",
92 {SEC_PRIV_CHANGE_NOTIFY,
93 "SeChangeNotifyPrivilege",
94 "Register for change notify"},
100 {SEC_PRIV_MANAGE_VOLUME,
101 "SeManageVolumePrivilege",
102 "Manage system volumes"},
104 {SEC_PRIV_IMPERSONATE,
105 "SeImpersonatePrivilege",
106 "Impersonate users"},
108 {SEC_PRIV_CREATE_GLOBAL,
109 "SeCreateGlobalPrivilege",
112 {SEC_PRIV_ENABLE_DELEGATION,
113 "SeEnableDelegationPrivilege",
114 "Enable Delegation"},
116 {SEC_PRIV_INTERACTIVE_LOGON,
117 "SeInteractiveLogonRight",
118 "Interactive logon"},
120 {SEC_PRIV_NETWORK_LOGON,
121 "SeNetworkLogonRight",
124 {SEC_PRIV_REMOTE_INTERACTIVE_LOGON,
125 "SeRemoteInteractiveLogonRight",
126 "Remote Interactive logon"}
/*
  Map a privilege id to its wire string constant (the "Se..." name).

  Performs a linear search of privilege_names[] and returns the name of the
  first entry whose id equals 'privilege'.

  NOTE(review): the not-found return is not visible in this listing; NULL is
  assumed here, matching the documented behaviour of
  sec_privilege_display_name(). Confirm against the full file. Callers must
  check the result before handing it to a string routine.
*/
const char *sec_privilege_name(unsigned int privilege)
{
	unsigned int idx;

	for (idx = 0; idx < ARRAY_SIZE(privilege_names); idx++) {
		if (privilege_names[idx].privilege != privilege) {
			continue;
		}
		return privilege_names[idx].name;
	}
	return NULL;
}
/*
  Map a privilege id to a human-readable display name.
  Returns NULL if the id is not present in privilege_names[].

  TODO: this should use language mappings. 'language' is accepted but is not
  consulted by the lookup shown here, so every caller gets the same strings.
*/
const char *sec_privilege_display_name(int privilege, uint16_t *language)
{
	unsigned int idx;

	for (idx = 0; idx < ARRAY_SIZE(privilege_names); idx++) {
		if (privilege_names[idx].privilege != privilege) {
			continue;
		}
		return privilege_names[idx].display_name;
	}
	return NULL;
}
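/*
  Map a privilege name to a privilege id. Return -1 if not found.

  The comparison is case-insensitive (strcasecmp). A NULL name is treated as
  "not found" instead of being passed to strcasecmp(), where it would be
  undefined behaviour.

  Callers must test for -1 before using the result as a privilege id:
  converted to unsigned int, -1 is far outside the range that
  sec_privilege_mask() can turn into a bit.
*/
int sec_privilege_id(const char *name)
{
	unsigned int i;

	if (name == NULL) {
		return -1;
	}

	for (i = 0; i < ARRAY_SIZE(privilege_names); i++) {
		if (strcasecmp(privilege_names[i].name, name) == 0) {
			return (int)privilege_names[i].privilege;
		}
	}
	return -1;
}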
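/*
  Return a privilege mask given a privilege id.

  Privilege ids are 1-based: id N maps to bit N-1 of the 64-bit mask, so the
  only representable ids are 1..64. Any other id returns 0 (no bit).

  The range check matters because the shift count is privilege-1:
    - privilege == 0 wraps to UINT_MAX, and
    - privilege > 64 gives a count >= 64,
  and shifting a 64-bit value by 64 or more is undefined behaviour in C.
  Returning 0 fails closed: sec_privilege_check() then finds no bit set and
  sec_privilege_set() leaves the token unchanged.
*/
uint64_t sec_privilege_mask(unsigned int privilege)
{
	uint64_t mask = 1;

	if (privilege < 1 || privilege > 64) {
		return 0;
	}

	mask <<= (privilege - 1);
	return mask;
}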
/*
  Return True if a security_token has a particular privilege bit set.

  The id is converted to a bit with sec_privilege_mask() and tested against
  token->privilege_mask. 'token' is dereferenced without a NULL check, so the
  caller must supply a valid token. 'privilege' should be a known id in the
  range 1..64 (the width of the mask); this function does not validate it.
*/
BOOL sec_privilege_check(const struct security_token *token, unsigned int privilege)
{
	const uint64_t wanted = sec_privilege_mask(privilege);

	return (token->privilege_mask & wanted) ? True : False;
}
/*
  Set a bit in the privilege mask.

  ORs the bit for 'privilege' (as computed by sec_privilege_mask()) into
  token->privilege_mask; bits that are already set stay set. This grants a
  privilege on the token, so the id should come from a trusted mapping such as
  privilege_names[] and not be taken unchecked from a peer. 'token' is
  dereferenced without a NULL check.
*/
void sec_privilege_set(struct security_token *token, unsigned int privilege)
{
	const uint64_t bit = sec_privilege_mask(privilege);

	token->privilege_mask = token->privilege_mask | bit;
}