sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
0d25212cc1
samba-mirror/libcli/security/privileges.h

163 lines
5.9 KiB
C
Raw Normal View History

r5203: additional changes for BUG 2291 to restrict who can join a BDC and add domain trusts (This used to be commit 5ec1faa2ad33772fb48c3863e67d2ce4be726bb2)
2005-02-03 18:14:54 +03:00
s3-privs Move source3/ privileges implmentation into common Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-27 02:56:15 +04:00
/*
sort out some include dependencies split out privileges from rpc_lsa.h (This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
2003-05-06 17:10:10 +04:00
Unix SMB/CIFS implementation.
SMB parameters and setup
Copyright (C) Andrew Tridgell 1992-1997
Copyright (C) Luke Kenneth Casson Leighton 1996-1997
Copyright (C) Paul Ashton 1997
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
Copyright (C) Simo Sorce 2003
r5726: merge LsaLookupPrivValue() code from trunk (This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
2005-03-10 21:50:47 +03:00
Copyright (C) Gerald (Jerry) Carter 2005
privs Add my Copyright Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-26 12:38:16 +04:00
Copyright (C) Andrew Bartlett 2010
s3-privs Move source3/ privileges implmentation into common Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-27 02:56:15 +04:00
sort out some include dependencies split out privileges from rpc_lsa.h (This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
2003-05-06 17:10:10 +04:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-07-09 23:25:36 +04:00
the Free Software Foundation; either version 3 of the License, or
sort out some include dependencies split out privileges from rpc_lsa.h (This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
2003-05-06 17:10:10 +04:00
(at your option) any later version.
s3-privs Move source3/ privileges implmentation into common Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-27 02:56:15 +04:00
sort out some include dependencies split out privileges from rpc_lsa.h (This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
2003-05-06 17:10:10 +04:00
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
s3-privs Move source3/ privileges implmentation into common Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-27 02:56:15 +04:00
sort out some include dependencies split out privileges from rpc_lsa.h (This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
2003-05-06 17:10:10 +04:00
You should have received a copy of the GNU General Public License
r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-07-10 04:52:41 +04:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
sort out some include dependencies split out privileges from rpc_lsa.h (This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
2003-05-06 17:10:10 +04:00
*/
#ifndef PRIVILEGES_H
#define PRIVILEGES_H
s3-privileges: use LUID defines from lsa IDL. Guenther
2010-06-05 04:39:11 +04:00
#include "../librpc/gen_ndr/lsa.h"
privs Move privilege bitmasks to security.idl Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-27 06:44:35 +04:00
#include "../librpc/gen_ndr/security.h"
s3-privileges: use LUID defines from lsa IDL. Guenther
2010-06-05 04:39:11 +04:00
r4849: * finish SeAddUsers support in srv_samr_nt.c * define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. [] (This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)
2005-01-19 19:52:19 +03:00
/* privilege bitmask */
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
/* common privilege defines */
Ok, this patch removes the privilege stuff we had in, unused, for some time. The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-18 19:24:10 +04:00
s3:privileges Change SE_PRIV to be just a uint64_t We don't need 128 possible privileges here, as we only use 12. This reverts some of 46e5effea948931509283cb84b27007d34b521c8 by Jerry back in 2005, where he introduced the SE_PRIV structure to replace the uint32_t used at the time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-24 08:47:26 +04:00
#define SE_END 0x0
#define SE_NONE 0x0
s3-privs Further changes to remove SE_PRIV Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-26 08:37:00 +04:00
#define SE_ALL_PRIVS (uint64_t)-1
Ok, this patch removes the privilege stuff we had in, unused, for some time. The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-18 19:24:10 +04:00
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
r23485: This checkin consists mostly of refactorings in preparation of the activation of global registry options in loadparm.c, mainly to extract functionality from net_conf.c to be made availabel elsewhere and to minimize linker dependencies. In detail: * move functions registry_push/pull_value from lib/util_reg.c to new file lib/util_reg_api.c * create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net. + new function registry_create_admin_token() in new lib/util_reg_smbconf.c + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c + adapt net_conf.c and Makefile.in accordingly. * split lib/profiles.c into two parts: new file lib/profiles_basic.c takes all the low level mask manipulation and format conversion functions (se_priv, privset, luid). the privs array is completely hidden from profiles.c by adding some access-functions. some mask-functions are not static anymore. Generally, SID- and LUID-related stuff that has more dependencies is kept in lib/profiles.c * Move initialization of regdb from net_conf.c into a function registry_init_regdb() in lib/util_reg_smbconf.c. Michael (This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e)
2007-06-14 15:29:35 +04:00
/* defined in lib/privilegs_basic.c */
s3-privs Further changes to remove SE_PRIV Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-26 08:37:00 +04:00
extern const uint64_t se_priv_all;
r4849: * finish SeAddUsers support in srv_samr_nt.c * define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. [] (This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)
2005-01-19 19:52:19 +03:00
s3-privs Further changes to remove SE_PRIV Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-26 08:37:00 +04:00
extern const uint64_t se_priv_none;
extern const uint64_t se_machine_account;
extern const uint64_t se_print_operator;
extern const uint64_t se_add_users;
extern const uint64_t se_disk_operators;
extern const uint64_t se_remote_shutdown;
extern const uint64_t se_restore;
extern const uint64_t se_take_ownership;
r4849: * finish SeAddUsers support in srv_samr_nt.c * define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. [] (This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)
2005-01-19 19:52:19 +03:00
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
/*
* These are used in Lsa replies (srv_lsa_nt.c)
*/
r7995: * privileges are local except when they're *not* printmig.exe assumes that the LUID of the SeBackupPrivlege on the target server matches the LUID of the privilege on the local client. Even though an LUID is never guaranteed to be the same across reboots. How *awful*! My cat could write better code! (more on my cat later....) * Set the privelege LUID in the global PRIVS[] array * Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN * Rename the unknown field in RegCreateKeyEx() to disposition (guess according to MSDN) * Add the capability to define REG_TDB_ONLY for using the reg_db.c functions and stress the RegXXX() rpc functions. (This used to be commit 0d6352da4800aabc04dfd7c65a6afe6af7cd2d4b)
2005-06-29 20:35:32 +04:00
typedef struct {
split some security related functions in their own files. (no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-10-06 05:38:46 +04:00
TALLOC_CTX *mem_ctx;
RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-19 04:40:25 +04:00
bool ext_ctx;
sort out some include dependencies split out privileges from rpc_lsa.h (This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
2003-05-06 17:10:10 +04:00
uint32 count;
uint32 control;
s3-privileges: use LUID defines from lsa IDL. Guenther
2010-06-05 04:39:11 +04:00
struct lsa_LUIDAttribute *set;
sort out some include dependencies split out privileges from rpc_lsa.h (This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
2003-05-06 17:10:10 +04:00
} PRIVILEGE_SET;
r7995: * privileges are local except when they're *not* printmig.exe assumes that the LUID of the SeBackupPrivlege on the target server matches the LUID of the privilege on the local client. Even though an LUID is never guaranteed to be the same across reboots. How *awful*! My cat could write better code! (more on my cat later....) * Set the privelege LUID in the global PRIVS[] array * Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN * Rename the unknown field in RegCreateKeyEx() to disposition (guess according to MSDN) * Add the capability to define REG_TDB_ONLY for using the reg_db.c functions and stress the RegXXX() rpc functions. (This used to be commit 0d6352da4800aabc04dfd7c65a6afe6af7cd2d4b)
2005-06-29 20:35:32 +04:00
typedef struct {
s3-privs Rename structure elements for greater clarity It is important to make clear which is the LUID and which is the Samba-only bitmap mask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-26 16:49:27 +04:00
uint64_t privilege_mask;
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
const char *name;
Ok, this patch removes the privilege stuff we had in, unused, for some time. The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-18 19:24:10 +04:00
const char *description;
s3-privs Rename structure elements for greater clarity It is important to make clear which is the LUID and which is the Samba-only bitmap mask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-26 16:49:27 +04:00
enum sec_privilege luid;
Ok, this patch removes the privilege stuff we had in, unused, for some time. The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-18 19:24:10 +04:00
} PRIVS;
s3-privs Move manual prototypes to common privileges.h Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-27 03:22:31 +04:00
/***************************************************************************
copy an uint64_t structure
****************************************************************************/
bool se_priv_copy( uint64_t *dst, const uint64_t *src );
/***************************************************************************
put all privileges into a mask
****************************************************************************/
bool se_priv_put_all_privileges(uint64_t *privilege_mask);
/***************************************************************************
combine 2 uint64_t structures and store the resulting set in mew_mask
****************************************************************************/
void se_priv_add( uint64_t *privilege_mask, const uint64_t *addpriv );
/***************************************************************************
remove one uint64_t sytucture from another and store the resulting set
in mew_mask
****************************************************************************/
void se_priv_remove( uint64_t *privilege_mask, const uint64_t *removepriv );
/***************************************************************************
check if 2 uint64_t structure are equal
****************************************************************************/
bool se_priv_equal( const uint64_t *privilege_mask1, const uint64_t *privilege_mask2 );
/*********************************************************************
Lookup the uint64_t value for a privilege name
*********************************************************************/
bool se_priv_from_name( const char *name, uint64_t *privilege_mask );
/***************************************************************************
dump an uint64_t structure to the log files
****************************************************************************/
void dump_se_priv( int dbg_cl, int dbg_lvl, const uint64_t *privilege_mask );
/****************************************************************************
check if the privilege is in the privilege list
****************************************************************************/
bool is_privilege_assigned(const uint64_t *privileges,
const uint64_t *check);
const char* get_privilege_dispname( const char *name );
/****************************************************************************
Does the user have the specified privilege ? We only deal with one privilege
at a time here.
*****************************************************************************/
bool user_has_privileges(const struct security_token *token, const uint64_t *privilege_bit);
/****************************************************************************
Does the user have any of the specified privileges ? We only deal with one privilege
at a time here.
*****************************************************************************/
bool user_has_any_privilege(struct security_token *token, const uint64_t *privilege_mask);
/*******************************************************************
return the number of elements in the privlege array
*******************************************************************/
int count_all_privileges( void );
/*********************************************************************
Generate the struct lsa_LUIDAttribute structure based on a bitmask
The assumption here is that the privilege has already been validated
so we are guaranteed to find it in the list.
*********************************************************************/
struct lsa_LUIDAttribute get_privilege_luid( uint64_t *privilege_mask );
/****************************************************************************
Convert a LUID to a named string
****************************************************************************/
const char *luid_to_privilege_name(const struct lsa_LUID *set);
bool se_priv_to_privilege_set( PRIVILEGE_SET *set, uint64_t *privilege_mask );
bool privilege_set_to_se_priv( uint64_t *privilege_mask, struct lsa_PrivilegeSet *privset );
Ok, this patch removes the privilege stuff we had in, unused, for some time. The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-18 19:24:10 +04:00
#endif /* PRIVILEGES_H */
Copy Permalink