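/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _SMB_PRIVILEGE_H
#define _SMB_PRIVILEGE_H

/*
 * This header is not self-contained: uint32_t, uint16_t and
 * ANY_SIZE_ARRAY are used below but not defined here, so the including
 * file must already have them in scope.
 * NOTE(review): confirm which header is expected to supply ANY_SIZE_ARRAY.
 */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Privileges
 *
 * Privileges apply to all objects and over-ride the access controls
 * in an object's security descriptor in a manner specific to each
 * privilege. Privileges are still not fully defined. Privileges are
 * defined in a set structure (LUID = Locally Unique Identifier).
 *
 * The default LUID, name and display names defined on NT 4.0 are:
 * LUID Privilege Name                     Display Name
 * ---- --------------                     ------------
 * 0:2  SeCreateTokenPrivilege             Create a token object
 * 0:3  SeAssignPrimaryTokenPrivilege      Replace a process level token
 * 0:4  SeLockMemoryPrivilege              Lock pages in memory
 * 0:5  SeIncreaseQuotaPrivilege           Increase quotas
 * 0:6  SeMachineAccountPrivilege          Add workstations to domain
 * 0:7  SeTcbPrivilege                     Act as part of the operating system
 * 0:8  SeSecurityPrivilege                Manage auditing and security log
 * 0:9  SeTakeOwnershipPrivilege           Take ownership of files or other objects
 * 0:10 SeLoadDriverPrivilege              Load and unload device drivers
 * 0:11 SeSystemProfilePrivilege           Profile system performance
 * 0:12 SeSystemtimePrivilege              Change the system time
 * 0:13 SeProfileSingleProcessPrivilege    Profile single process
 * 0:14 SeIncreaseBasePriorityPrivilege    Increase scheduling priority
 * 0:15 SeCreatePagefilePrivilege          Create a pagefile
 * 0:16 SeCreatePermanentPrivilege         Create permanent shared objects
 * 0:17 SeBackupPrivilege                  Back up files and directories
 * 0:18 SeRestorePrivilege                 Restore files and directories
 * 0:19 SeShutdownPrivilege                Shut down the system
 * 0:20 SeDebugPrivilege                   Debug programs
 * 0:21 SeAuditPrivilege                   Generate security audits
 * 0:22 SeSystemEnvironmentPrivilege       Modify firmware environment values
 * 0:23 SeChangeNotifyPrivilege            Bypass traverse checking
 * 0:24 SeRemoteShutdownPrivilege          Force shutdown from a remote system
 *
 * The LUID column is written hi:lo, matching smb_luid_t below; every
 * LUID in this table has a zero hi_part.
 */

/*
 * Privilege names
 *
 * SE_UNSOLICITED_INPUT_NAME has a name but no SE_*_LUID constant in this
 * header, so it cannot be addressed through the LUID-based interfaces
 * below.
 */
#define	SE_CREATE_TOKEN_NAME		"SeCreateTokenPrivilege"
#define	SE_ASSIGNPRIMARYTOKEN_NAME	"SeAssignPrimaryTokenPrivilege"
#define	SE_LOCK_MEMORY_NAME		"SeLockMemoryPrivilege"
#define	SE_INCREASE_QUOTA_NAME		"SeIncreaseQuotaPrivilege"
#define	SE_UNSOLICITED_INPUT_NAME	"SeUnsolicitedInputPrivilege"
#define	SE_MACHINE_ACCOUNT_NAME		"SeMachineAccountPrivilege"
#define	SE_TCB_NAME			"SeTcbPrivilege"
#define	SE_SECURITY_NAME		"SeSecurityPrivilege"
#define	SE_TAKE_OWNERSHIP_NAME		"SeTakeOwnershipPrivilege"
#define	SE_LOAD_DRIVER_NAME		"SeLoadDriverPrivilege"
#define	SE_SYSTEM_PROFILE_NAME		"SeSystemProfilePrivilege"
#define	SE_SYSTEMTIME_NAME		"SeSystemtimePrivilege"
#define	SE_PROF_SINGLE_PROCESS_NAME	"SeProfileSingleProcessPrivilege"
#define	SE_INC_BASE_PRIORITY_NAME	"SeIncreaseBasePriorityPrivilege"
#define	SE_CREATE_PAGEFILE_NAME		"SeCreatePagefilePrivilege"
#define	SE_CREATE_PERMANENT_NAME	"SeCreatePermanentPrivilege"
#define	SE_BACKUP_NAME			"SeBackupPrivilege"
#define	SE_RESTORE_NAME			"SeRestorePrivilege"
#define	SE_SHUTDOWN_NAME		"SeShutdownPrivilege"
#define	SE_DEBUG_NAME			"SeDebugPrivilege"
#define	SE_AUDIT_NAME			"SeAuditPrivilege"
#define	SE_SYSTEM_ENVIRONMENT_NAME	"SeSystemEnvironmentPrivilege"
#define	SE_CHANGE_NOTIFY_NAME		"SeChangeNotifyPrivilege"
#define	SE_REMOTE_SHUTDOWN_NAME		"SeRemoteShutdownPrivilege"

/*
 * Privilege LUIDs (low part only; see smb_privinfo_t).
 *
 * The values SE_MIN_LUID..SE_MAX_LUID form a contiguous range with no
 * gaps, so a LUID id is in range exactly when
 * SE_MIN_LUID <= id && id <= SE_MAX_LUID.  Keep SE_MIN_LUID and
 * SE_MAX_LUID in step with the first and last entries when adding a
 * privilege.
 */
#define	SE_MIN_LUID			2
#define	SE_CREATE_TOKEN_LUID		2
#define	SE_ASSIGNPRIMARYTOKEN_LUID	3
#define	SE_LOCK_MEMORY_LUID		4
#define	SE_INCREASE_QUOTA_LUID		5
#define	SE_MACHINE_ACCOUNT_LUID		6
#define	SE_TCB_LUID			7
#define	SE_SECURITY_LUID		8
#define	SE_TAKE_OWNERSHIP_LUID		9
#define	SE_LOAD_DRIVER_LUID		10
#define	SE_SYSTEM_PROFILE_LUID		11
#define	SE_SYSTEMTIME_LUID		12
#define	SE_PROF_SINGLE_PROCESS_LUID	13
#define	SE_INC_BASE_PRIORITY_LUID	14
#define	SE_CREATE_PAGEFILE_LUID		15
#define	SE_CREATE_PERMANENT_LUID	16
#define	SE_BACKUP_LUID			17
#define	SE_RESTORE_LUID			18
#define	SE_SHUTDOWN_LUID		19
#define	SE_DEBUG_LUID			20
#define	SE_AUDIT_LUID			21
#define	SE_SYSTEM_ENVIRONMENT_LUID	22
#define	SE_CHANGE_NOTIFY_LUID		23
#define	SE_REMOTE_SHUTDOWN_LUID		24
#define	SE_MAX_LUID			24

/*
 * Privilege attributes (bit flags carried in smb_luid_attrs_t.attrs).
 *
 * SE_PRIVILEGE_DISABLED is zero, i.e. the absence of every other bit,
 * so it can only be tested by comparing the masked value against zero,
 * never with "attrs & SE_PRIVILEGE_DISABLED".  SE_PRIVILEGE_USED_FOR_ACCESS
 * is bit 31; attrs is a uint32_t so it fits, but the value is not
 * representable in a signed 32-bit int.
 */
#define	SE_PRIVILEGE_DISABLED		0x00000000
#define	SE_PRIVILEGE_ENABLED_BY_DEFAULT	0x00000001
#define	SE_PRIVILEGE_ENABLED		0x00000002
#define	SE_PRIVILEGE_USED_FOR_ACCESS	0x80000000

/*
 * Privilege Set Control flags
 */
#define	PRIVILEGE_SET_ALL_NECESSARY	1

/*
 * Locally Unique Identifier.  The LUIDs defined in this header only
 * ever use lo_part; hi_part is zero for all of them.
 */
typedef struct smb_luid {
	uint32_t lo_part;
	uint32_t hi_part;
} smb_luid_t;


/*
 * One privilege in a set: its LUID plus its SE_PRIVILEGE_* attribute bits.
 */
typedef struct smb_luid_attrs {
	smb_luid_t luid;
	uint32_t attrs;
} smb_luid_attrs_t;


/*
 * A privilege set.
 *
 * priv_cnt  number of valid entries in priv[]
 * control   presumably PRIVILEGE_SET_* control flags -- the header does
 *           not say which values are valid beyond PRIVILEGE_SET_ALL_NECESSARY
 * priv      trailing array of priv_cnt entries; declared with
 *           ANY_SIZE_ARRAY, so the object must be allocated larger than
 *           sizeof (smb_privset_t) (see smb_privset_size() below) and
 *           priv_cnt must never exceed the allocated entries.
 */
typedef struct smb_privset {
	uint32_t priv_cnt;
	uint32_t control;
	smb_luid_attrs_t priv[ANY_SIZE_ARRAY];
} smb_privset_t;

/*
 * These are the possible values for smb_privinfo_t.flags
 *
 * PF_PRESENTABLE	Privilege is user visible
 */
#define	PF_PRESENTABLE		0x1

/*
 * Structure for passing privilege name and id information around within
 * the system. Note that we are only storing the low uint32_t of the LUID;
 * the high part is always zero here.
 *
 * name and display_name are plain char pointers; the declarations below
 * do not say who owns the strings or whether callers may modify them.
 */
typedef struct smb_privinfo {
	uint32_t id;
	char *name;
	char *display_name;
	uint16_t flags;
} smb_privinfo_t;

/*
 * Privilege table lookups.  Return type is a pointer to the table entry;
 * the behaviour for an unknown id/name (presumably a NULL return) is
 * defined by the implementation, not here -- callers must check before
 * dereferencing.
 */
smb_privinfo_t *smb_priv_getbyvalue(uint32_t id);
smb_privinfo_t *smb_priv_getbyname(char *name);

/*
 * Enumeration of PF_PRESENTABLE privileges.  smb_priv_presentable_num()
 * reports how many there are; smb_priv_presentable_ids() fills ids[]
 * with at most num of them (num is presumably the capacity of ids[] --
 * confirm against the implementation).
 */
int smb_priv_presentable_num(void);
int smb_priv_presentable_ids(uint32_t *ids, int num);

/*
 * Privilege set lifecycle.
 *
 * smb_privset_new() and smb_privset_size() take no arguments; they are
 * declared with (void) so that a call with stray arguments is rejected
 * at compile time instead of being accepted as an old-style call.
 * smb_privset_size() presumably returns the byte size needed for a full
 * set, i.e. the value the struct-hack allocation of smb_privset_t needs.
 */
smb_privset_t *smb_privset_new(void);
int smb_privset_size(void);
void smb_privset_init(smb_privset_t *privset);
void smb_privset_free(smb_privset_t *privset);
void smb_privset_copy(smb_privset_t *dst, smb_privset_t *src);
void smb_privset_merge(smb_privset_t *dst, smb_privset_t *src);

/*
 * Per-privilege operations, addressed by LUID low part (SE_*_LUID).
 * Whether ids outside SE_MIN_LUID..SE_MAX_LUID are rejected or ignored
 * is decided by the implementation; this header gives no guarantee.
 * smb_privset_query()'s int result is not documented here -- do not
 * assume a particular encoding without checking the implementation.
 */
void smb_privset_enable(smb_privset_t *privset, uint32_t id);
int smb_privset_query(smb_privset_t *privset, uint32_t id);
void smb_privset_log(smb_privset_t *privset);

#ifdef __cplusplus
}
#endif

#endif /* _SMB_PRIVILEGE_H */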