1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

r4196: - added server side code for lsa_LookupPrivDisplayName

- added english descriptions of privileges. We should add other
  languages in the future.
This commit is contained in:
Andrew Tridgell 2004-12-14 05:51:01 +00:00 committed by Gerald (Jerry) Carter
parent 7bddd47403
commit 3eee8b7c13
2 changed files with 163 additions and 28 deletions

View File

@ -27,31 +27,103 @@
static const struct {
enum sec_privilege privilege;
const char *name;
const char *display_name;
} privilege_names[] = {
{SEC_PRIV_SECURITY, "SeSecurityPrivilege"},
{SEC_PRIV_BACKUP, "SeBackupPrivilege"},
{SEC_PRIV_RESTORE, "SeRestorePrivilege"},
{SEC_PRIV_SYSTEMTIME, "SeSystemtimePrivilege"},
{SEC_PRIV_SHUTDOWN, "SeShutdownPrivilege"},
{SEC_PRIV_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege"},
{SEC_PRIV_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege"},
{SEC_PRIV_DEBUG, "SeDebugPrivilege"},
{SEC_PRIV_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege"},
{SEC_PRIV_SYSTEM_PROFILE, "SeSystemProfilePrivilege"},
{SEC_PRIV_PROFILE_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege"},
{SEC_PRIV_INCREASE_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege"},
{SEC_PRIV_LOAD_DRIVER, "SeLoadDriverPrivilege"},
{SEC_PRIV_CREATE_PAGEFILE, "SeCreatePagefilePrivilege"},
{SEC_PRIV_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege"},
{SEC_PRIV_CHANGE_NOTIFY, "SeChangeNotifyPrivilege"},
{SEC_PRIV_UNDOCK, "SeUndockPrivilege"},
{SEC_PRIV_MANAGE_VOLUME, "SeManageVolumePrivilege"},
{SEC_PRIV_IMPERSONATE, "SeImpersonatePrivilege"},
{SEC_PRIV_CREATE_GLOBAL, "SeCreateGlobalPrivilege"},
{SEC_PRIV_ENABLE_DELEGATION, "SeEnableDelegationPrivilege"},
{SEC_PRIV_INTERACTIVE_LOGON, "SeInteractiveLogonRight"},
{SEC_PRIV_NETWORK_LOGON, "SeNetworkLogonRight"},
{SEC_PRIV_REMOTE_INTERACTIVE_LOGON, "SeRemoteInteractiveLogonRight"}
{SEC_PRIV_SECURITY,
"SeSecurityPrivilege",
"System security"},
{SEC_PRIV_BACKUP,
"SeBackupPrivilege",
"Backup files and directories"},
{SEC_PRIV_RESTORE,
"SeRestorePrivilege",
"Restore files and directories"},
{SEC_PRIV_SYSTEMTIME,
"SeSystemtimePrivilege",
"Set the system clock"},
{SEC_PRIV_SHUTDOWN,
"SeShutdownPrivilege",
"Shutdown the system"},
{SEC_PRIV_REMOTE_SHUTDOWN,
"SeRemoteShutdownPrivilege",
"Shutdown the system remotely"},
{SEC_PRIV_TAKE_OWNERSHIP,
"SeTakeOwnershipPrivilege",
"Take ownership of files and directories"},
{SEC_PRIV_DEBUG,
"SeDebugPrivilege",
"Debug processes"},
{SEC_PRIV_SYSTEM_ENVIRONMENT,
"SeSystemEnvironmentPrivilege",
"Modify system environment"},
{SEC_PRIV_SYSTEM_PROFILE,
"SeSystemProfilePrivilege",
"Profile the system"},
{SEC_PRIV_PROFILE_SINGLE_PROCESS,
"SeProfileSingleProcessPrivilege",
"Profile one process"},
{SEC_PRIV_INCREASE_BASE_PRIORITY,
"SeIncreaseBasePriorityPrivilege",
"Increase base priority"},
{SEC_PRIV_LOAD_DRIVER,
"SeLoadDriverPrivilege",
"Load drivers"},
{SEC_PRIV_CREATE_PAGEFILE,
"SeCreatePagefilePrivilege",
"Create page files"},
{SEC_PRIV_INCREASE_QUOTA,
"SeIncreaseQuotaPrivilege",
"Increase quota"},
{SEC_PRIV_CHANGE_NOTIFY,
"SeChangeNotifyPrivilege",
"Register for change notify"},
{SEC_PRIV_UNDOCK,
"SeUndockPrivilege",
"Undock devices"},
{SEC_PRIV_MANAGE_VOLUME,
"SeManageVolumePrivilege",
"Manage system volumes"},
{SEC_PRIV_IMPERSONATE,
"SeImpersonatePrivilege",
"Impersonate users"},
{SEC_PRIV_CREATE_GLOBAL,
"SeCreateGlobalPrivilege",
"Create global"},
{SEC_PRIV_ENABLE_DELEGATION,
"SeEnableDelegationPrivilege",
"Enable Delegation"},
{SEC_PRIV_INTERACTIVE_LOGON,
"SeInteractiveLogonRight",
"Interactive logon"},
{SEC_PRIV_NETWORK_LOGON,
"SeNetworkLogonRight",
"Network logon"},
{SEC_PRIV_REMOTE_INTERACTIVE_LOGON,
"SeRemoteInteractiveLogonRight",
"Remote Interactive logon"}
};
@ -69,6 +141,22 @@ const char *sec_privilege_name(unsigned int privilege)
return NULL;
}
/*
map a privilege id to a privilege display name. Return NULL if not found
TODO: this should use language mappings
*/
const char *sec_privilege_display_name(int privilege, uint16_t *language)
{
int i;
for (i=0;i<ARRAY_SIZE(privilege_names);i++) {
if (privilege_names[i].privilege == privilege) {
return privilege_names[i].display_name;
}
}
return NULL;
}
/*
map a privilege name to a privilege id. Return -1 if not found
*/

View File

@ -852,17 +852,64 @@ static NTSTATUS lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_LookupPrivName *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
struct dcesrv_handle *h;
struct lsa_policy_state *state;
const char *privname;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
if (r->in.luid->high != 0) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
privname = sec_privilege_name(r->in.luid->low);
if (privname == NULL) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
r->out.name = talloc_p(mem_ctx, struct lsa_String);
if (r->out.name == NULL) {
return NT_STATUS_NO_MEMORY;
}
r->out.name->string = privname;
return NT_STATUS_OK;
}
/*
lsa_LookupPrivDisplayName
*/
static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_LookupPrivDisplayName *r)
static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_LookupPrivDisplayName *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
struct dcesrv_handle *h;
struct lsa_policy_state *state;
int id;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
id = sec_privilege_id(r->in.name->string);
if (id == -1) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
r->out.disp_name = talloc_p(mem_ctx, struct lsa_String);
if (r->out.disp_name == NULL) {
return NT_STATUS_NO_MEMORY;
}
r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
if (r->out.disp_name->string == NULL) {
return NT_STATUS_INTERNAL_ERROR;
}
return NT_STATUS_OK;
}