mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
r4196: - added server side code for lsa_LookupPrivDisplayName
- added English descriptions of privileges. We should add other languages in the future.
parent
7bddd47403
commit
3eee8b7c13
@ -27,31 +27,103 @@
|
||||
static const struct {
|
||||
enum sec_privilege privilege;
|
||||
const char *name;
|
||||
const char *display_name;
|
||||
} privilege_names[] = {
|
||||
{SEC_PRIV_SECURITY, "SeSecurityPrivilege"},
|
||||
{SEC_PRIV_BACKUP, "SeBackupPrivilege"},
|
||||
{SEC_PRIV_RESTORE, "SeRestorePrivilege"},
|
||||
{SEC_PRIV_SYSTEMTIME, "SeSystemtimePrivilege"},
|
||||
{SEC_PRIV_SHUTDOWN, "SeShutdownPrivilege"},
|
||||
{SEC_PRIV_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege"},
|
||||
{SEC_PRIV_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege"},
|
||||
{SEC_PRIV_DEBUG, "SeDebugPrivilege"},
|
||||
{SEC_PRIV_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege"},
|
||||
{SEC_PRIV_SYSTEM_PROFILE, "SeSystemProfilePrivilege"},
|
||||
{SEC_PRIV_PROFILE_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege"},
|
||||
{SEC_PRIV_INCREASE_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege"},
|
||||
{SEC_PRIV_LOAD_DRIVER, "SeLoadDriverPrivilege"},
|
||||
{SEC_PRIV_CREATE_PAGEFILE, "SeCreatePagefilePrivilege"},
|
||||
{SEC_PRIV_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege"},
|
||||
{SEC_PRIV_CHANGE_NOTIFY, "SeChangeNotifyPrivilege"},
|
||||
{SEC_PRIV_UNDOCK, "SeUndockPrivilege"},
|
||||
{SEC_PRIV_MANAGE_VOLUME, "SeManageVolumePrivilege"},
|
||||
{SEC_PRIV_IMPERSONATE, "SeImpersonatePrivilege"},
|
||||
{SEC_PRIV_CREATE_GLOBAL, "SeCreateGlobalPrivilege"},
|
||||
{SEC_PRIV_ENABLE_DELEGATION, "SeEnableDelegationPrivilege"},
|
||||
{SEC_PRIV_INTERACTIVE_LOGON, "SeInteractiveLogonRight"},
|
||||
{SEC_PRIV_NETWORK_LOGON, "SeNetworkLogonRight"},
|
||||
{SEC_PRIV_REMOTE_INTERACTIVE_LOGON, "SeRemoteInteractiveLogonRight"}
|
||||
{SEC_PRIV_SECURITY,
|
||||
"SeSecurityPrivilege",
|
||||
"System security"},
|
||||
|
||||
{SEC_PRIV_BACKUP,
|
||||
"SeBackupPrivilege",
|
||||
"Backup files and directories"},
|
||||
|
||||
{SEC_PRIV_RESTORE,
|
||||
"SeRestorePrivilege",
|
||||
"Restore files and directories"},
|
||||
|
||||
{SEC_PRIV_SYSTEMTIME,
|
||||
"SeSystemtimePrivilege",
|
||||
"Set the system clock"},
|
||||
|
||||
{SEC_PRIV_SHUTDOWN,
|
||||
"SeShutdownPrivilege",
|
||||
"Shutdown the system"},
|
||||
|
||||
{SEC_PRIV_REMOTE_SHUTDOWN,
|
||||
"SeRemoteShutdownPrivilege",
|
||||
"Shutdown the system remotely"},
|
||||
|
||||
{SEC_PRIV_TAKE_OWNERSHIP,
|
||||
"SeTakeOwnershipPrivilege",
|
||||
"Take ownership of files and directories"},
|
||||
|
||||
{SEC_PRIV_DEBUG,
|
||||
"SeDebugPrivilege",
|
||||
"Debug processes"},
|
||||
|
||||
{SEC_PRIV_SYSTEM_ENVIRONMENT,
|
||||
"SeSystemEnvironmentPrivilege",
|
||||
"Modify system environment"},
|
||||
|
||||
{SEC_PRIV_SYSTEM_PROFILE,
|
||||
"SeSystemProfilePrivilege",
|
||||
"Profile the system"},
|
||||
|
||||
{SEC_PRIV_PROFILE_SINGLE_PROCESS,
|
||||
"SeProfileSingleProcessPrivilege",
|
||||
"Profile one process"},
|
||||
|
||||
{SEC_PRIV_INCREASE_BASE_PRIORITY,
|
||||
"SeIncreaseBasePriorityPrivilege",
|
||||
"Increase base priority"},
|
||||
|
||||
{SEC_PRIV_LOAD_DRIVER,
|
||||
"SeLoadDriverPrivilege",
|
||||
"Load drivers"},
|
||||
|
||||
{SEC_PRIV_CREATE_PAGEFILE,
|
||||
"SeCreatePagefilePrivilege",
|
||||
"Create page files"},
|
||||
|
||||
{SEC_PRIV_INCREASE_QUOTA,
|
||||
"SeIncreaseQuotaPrivilege",
|
||||
"Increase quota"},
|
||||
|
||||
{SEC_PRIV_CHANGE_NOTIFY,
|
||||
"SeChangeNotifyPrivilege",
|
||||
"Register for change notify"},
|
||||
|
||||
{SEC_PRIV_UNDOCK,
|
||||
"SeUndockPrivilege",
|
||||
"Undock devices"},
|
||||
|
||||
{SEC_PRIV_MANAGE_VOLUME,
|
||||
"SeManageVolumePrivilege",
|
||||
"Manage system volumes"},
|
||||
|
||||
{SEC_PRIV_IMPERSONATE,
|
||||
"SeImpersonatePrivilege",
|
||||
"Impersonate users"},
|
||||
|
||||
{SEC_PRIV_CREATE_GLOBAL,
|
||||
"SeCreateGlobalPrivilege",
|
||||
"Create global"},
|
||||
|
||||
{SEC_PRIV_ENABLE_DELEGATION,
|
||||
"SeEnableDelegationPrivilege",
|
||||
"Enable Delegation"},
|
||||
|
||||
{SEC_PRIV_INTERACTIVE_LOGON,
|
||||
"SeInteractiveLogonRight",
|
||||
"Interactive logon"},
|
||||
|
||||
{SEC_PRIV_NETWORK_LOGON,
|
||||
"SeNetworkLogonRight",
|
||||
"Network logon"},
|
||||
|
||||
{SEC_PRIV_REMOTE_INTERACTIVE_LOGON,
|
||||
"SeRemoteInteractiveLogonRight",
|
||||
"Remote Interactive logon"}
|
||||
};
|
||||
|
||||
|
||||
@ -69,6 +141,22 @@ const char *sec_privilege_name(unsigned int privilege)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
map a privilege id to a privilege display name. Return NULL if not found
|
||||
|
||||
TODO: this should use language mappings
|
||||
*/
|
||||
const char *sec_privilege_display_name(int privilege, uint16_t *language)
|
||||
{
|
||||
int i;
|
||||
for (i=0;i<ARRAY_SIZE(privilege_names);i++) {
|
||||
if (privilege_names[i].privilege == privilege) {
|
||||
return privilege_names[i].display_name;
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
map a privilege name to a privilege id. Return -1 if not found
|
||||
*/
|
||||
|
@ -852,17 +852,64 @@ static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct lsa_LookupPrivName *r)
|
||||
{
|
||||
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
|
||||
struct dcesrv_handle *h;
|
||||
struct lsa_policy_state *state;
|
||||
const char *privname;
|
||||
|
||||
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
|
||||
|
||||
state = h->data;
|
||||
|
||||
if (r->in.luid->high != 0) {
|
||||
return NT_STATUS_NO_SUCH_PRIVILEGE;
|
||||
}
|
||||
|
||||
privname = sec_privilege_name(r->in.luid->low);
|
||||
if (privname == NULL) {
|
||||
return NT_STATUS_NO_SUCH_PRIVILEGE;
|
||||
}
|
||||
|
||||
r->out.name = talloc_p(mem_ctx, struct lsa_String);
|
||||
if (r->out.name == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
r->out.name->string = privname;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
lsa_LookupPrivDisplayName
|
||||
*/
|
||||
static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
|
||||
struct lsa_LookupPrivDisplayName *r)
|
||||
static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct lsa_LookupPrivDisplayName *r)
|
||||
{
|
||||
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
|
||||
struct dcesrv_handle *h;
|
||||
struct lsa_policy_state *state;
|
||||
int id;
|
||||
|
||||
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
|
||||
|
||||
state = h->data;
|
||||
|
||||
id = sec_privilege_id(r->in.name->string);
|
||||
if (id == -1) {
|
||||
return NT_STATUS_NO_SUCH_PRIVILEGE;
|
||||
}
|
||||
|
||||
r->out.disp_name = talloc_p(mem_ctx, struct lsa_String);
|
||||
if (r->out.disp_name == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
|
||||
if (r->out.disp_name->string == NULL) {
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
||||
|
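Review bot: In `lsa_LookupPrivDisplayName`, `r->in.name->string` comes straight from the client request and is handed to `sec_privilege_id()` without a NULL check; if the wire format permits a NULL string pointer here (the IDL is not visible on this page), the lookup receives NULL, and its body lies outside this section. A guard before the lookup, `if (r->in.name->string == NULL) return NT_STATUS_NO_SUCH_PRIVILEGE;`, keeps a malformed request from reaching whatever comparison `sec_privilege_id()` performs. In both handlers `state = h->data;` is assigned and never used afterwards, so the variable can be dropped until it is needed. Nothing in the display-name handler records which language was actually returned for `r->in.language_id`, so a short comment stating that the reply is always English would help until language mappings exist.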