r4150: - add fns for manipulating the privilege_mask in a security_token
[samba.git] / source4 / libcli / security / privilege.c
1 /*
2    Unix SMB/CIFS implementation.
3
4    manipulate privileges
5
6    Copyright (C) Andrew Tridgell 2004
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 2 of the License, or
11    (at your option) any later version.
12
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17
18    You should have received a copy of the GNU General Public License
19    along with this program; if not, write to the Free Software
20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24 #include "librpc/gen_ndr/ndr_security.h"
25
26
/*
  table pairing each sec_privilege value with its wire string name.
  Both lookup directions (id -> name and name -> id) walk this table
  linearly. The last three entries carry names ending in "Right"
  rather than "Privilege".
*/
static const struct {
        enum sec_privilege privilege;
        const char *name;
} privilege_names[] = {
        { .privilege = SEC_PRIV_SECURITY,                 .name = "SeSecurityPrivilege" },
        { .privilege = SEC_PRIV_BACKUP,                   .name = "SeBackupPrivilege" },
        { .privilege = SEC_PRIV_RESTORE,                  .name = "SeRestorePrivilege" },
        { .privilege = SEC_PRIV_SYSTEMTIME,               .name = "SeSystemtimePrivilege" },
        { .privilege = SEC_PRIV_SHUTDOWN,                 .name = "SeShutdownPrivilege" },
        { .privilege = SEC_PRIV_REMOTE_SHUTDOWN,          .name = "SeRemoteShutdownPrivilege" },
        { .privilege = SEC_PRIV_TAKE_OWNERSHIP,           .name = "SeTakeOwnershipPrivilege" },
        { .privilege = SEC_PRIV_DEBUG,                    .name = "SeDebugPrivilege" },
        { .privilege = SEC_PRIV_SYSTEM_ENVIRONMENT,       .name = "SeSystemEnvironmentPrivilege" },
        { .privilege = SEC_PRIV_SYSTEM_PROFILE,           .name = "SeSystemProfilePrivilege" },
        { .privilege = SEC_PRIV_PROFILE_SINGLE_PROCESS,   .name = "SeProfileSingleProcessPrivilege" },
        { .privilege = SEC_PRIV_INCREASE_BASE_PRIORITY,   .name = "SeIncreaseBasePriorityPrivilege" },
        { .privilege = SEC_PRIV_LOAD_DRIVER,              .name = "SeLoadDriverPrivilege" },
        { .privilege = SEC_PRIV_CREATE_PAGEFILE,          .name = "SeCreatePagefilePrivilege" },
        { .privilege = SEC_PRIV_INCREASE_QUOTA,           .name = "SeIncreaseQuotaPrivilege" },
        { .privilege = SEC_PRIV_CHANGE_NOTIFY,            .name = "SeChangeNotifyPrivilege" },
        { .privilege = SEC_PRIV_UNDOCK,                   .name = "SeUndockPrivilege" },
        { .privilege = SEC_PRIV_MANAGE_VOLUME,            .name = "SeManageVolumePrivilege" },
        { .privilege = SEC_PRIV_IMPERSONATE,              .name = "SeImpersonatePrivilege" },
        { .privilege = SEC_PRIV_CREATE_GLOBAL,            .name = "SeCreateGlobalPrivilege" },
        { .privilege = SEC_PRIV_ENABLE_DELEGATION,        .name = "SeEnableDelegationPrivilege" },
        { .privilege = SEC_PRIV_INTERACTIVE_LOGON,        .name = "SeInteractiveLogonRight" },
        { .privilege = SEC_PRIV_NETWORK_LOGON,            .name = "SeNetworkLogonRight" },
        { .privilege = SEC_PRIV_REMOTE_INTERACTIVE_LOGON, .name = "SeRemoteInteractiveLogonRight" }
};
56
57
/*
  map a privilege id to the wire string constant

  Returns a pointer into the static privilege_names table, or NULL
  when the id has no entry there; callers must check for NULL before
  treating the result as a string.
*/
const char *sec_privilege_name(unsigned int privilege)
{
        size_t idx = 0;

        while (idx < ARRAY_SIZE(privilege_names)) {
                if (privilege == privilege_names[idx].privilege) {
                        return privilege_names[idx].name;
                }
                idx++;
        }

        /* unknown id: nothing in the table matched */
        return NULL;
}
71
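/*
  map a privilege name to a privilege id. Return -1 if not found

  The comparison is case-insensitive (strcasecmp). A NULL name is
  treated as "not found" instead of being handed to strcasecmp.

  Callers must test for -1 before passing the result on as an
  unsigned privilege id (e.g. to sec_privilege_check or
  sec_privilege_set): -1 converted to unsigned int is not a valid id.
*/
int sec_privilege_id(const char *name)
{
        size_t i;

        if (name == NULL) {
                return -1;
        }

        for (i = 0; i < ARRAY_SIZE(privilege_names); i++) {
                if (strcasecmp(privilege_names[i].name, name) == 0) {
                        return (int)privilege_names[i].privilege;
                }
        }
        return -1;
}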
85
86
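/*
  return True if a security_token has a particular privilege bit set

  Privilege ids are 1-based: id N is tested against bit N-1 of
  token->privilege_mask. The mask is built in a uint64_t, so only ids
  1..64 have a bit. An id of 0 (which would wrap to a huge shift
  count) or above 64 would make the shift undefined behaviour; such
  ids are rejected up front and reported as "privilege not held".

  token must be non-NULL; it is dereferenced without a check.
*/
BOOL sec_privilege_check(const struct security_token *token, unsigned int privilege)
{
        uint64_t mask;

        /* fail closed on ids that have no bit in the 64-bit mask */
        if (privilege < 1 || privilege > 64) {
                return False;
        }

        mask = ((uint64_t)1) << (privilege - 1);
        if (token->privilege_mask & mask) {
                return True;
        }
        return False;
}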
99
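/*
  set a bit in the privilege mask

  Privilege ids are 1-based: id N sets bit N-1 of
  token->privilege_mask. The mask is built in a uint64_t, so only ids
  1..64 have a bit. An id of 0 (which would wrap to a huge shift
  count) or above 64 would make the shift undefined behaviour; such
  ids are ignored and the token is left unchanged, so an invalid id
  never grants anything.

  token must be non-NULL; it is dereferenced without a check.
*/
void sec_privilege_set(struct security_token *token, unsigned int privilege)
{
        uint64_t mask;

        /* no bit exists for this id: leave the mask untouched */
        if (privilege < 1 || privilege > 64) {
                return;
        }

        mask = ((uint64_t)1) << (privilege - 1);
        token->privilege_mask |= mask;
}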