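/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
 */

#ifndef _SMB_PRIVILEGE_H
#define	_SMB_PRIVILEGE_H

#include <smbsrv/wintypes.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Privileges
 *
 * Privileges apply to all objects and over-ride the access controls
 * in an object's security descriptor in a manner specific to each
 * privilege.  Privileges are still not fully defined.  Privileges are
 * defined in a set structure (LUID = Locally Unique Identifier).
 *
 * Because a privilege bypasses the object's own ACL, anything that
 * grants or enables one (smb_privset_enable() below) is part of the
 * access-control decision and should only be reached after the caller
 * has been authenticated and authorised to hold that privilege.
 *
 * The default LUID, name and display names defined on NT 4.0 are:
 * LUID	Privilege Name			Display Name
 * ----	--------------			------------
 * 0:2	SeCreateTokenPrivilege		Create a token object
 * 0:3	SeAssignPrimaryTokenPrivilege	Replace a process level token
 * 0:4	SeLockMemoryPrivilege		Lock pages in memory
 * 0:5	SeIncreaseQuotaPrivilege	Increase quotas
 * 0:6	SeMachineAccountPrivilege	Add workstations to domain
 * 0:7	SeTcbPrivilege			Act as part of the operating system
 * 0:8	SeSecurityPrivilege		Manage auditing and security log
 * 0:9	SeTakeOwnershipPrivilege	Take ownership of files or other objects
 * 0:10	SeLoadDriverPrivilege		Load and unload device drivers
 * 0:11	SeSystemProfilePrivilege	Profile system performance
 * 0:12	SeSystemtimePrivilege		Change the system time
 * 0:13	SeProfileSingleProcessPrivilege	Profile single process
 * 0:14	SeIncreaseBasePriorityPrivilege	Increase scheduling priority
 * 0:15	SeCreatePagefilePrivilege	Create a pagefile
 * 0:16	SeCreatePermanentPrivilege	Create permanent shared objects
 * 0:17	SeBackupPrivilege		Back up files and directories
 * 0:18	SeRestorePrivilege		Restore files and directories
 * 0:19	SeShutdownPrivilege		Shut down the system
 * 0:20	SeDebugPrivilege		Debug programs
 * 0:21	SeAuditPrivilege		Generate security audits
 * 0:22	SeSystemEnvironmentPrivilege	Modify firmware environment values
 * 0:23	SeChangeNotifyPrivilege		Bypass traverse checking
 * 0:24	SeRemoteShutdownPrivilege	Force shutdown from a remote system
 */

/*
 * Privilege names
 *
 * These are the wire/NT names and must not be changed; they are
 * compared by smb_priv_getbyname().  Note that SE_UNSOLICITED_INPUT_NAME
 * is the only name here that has no corresponding *_LUID value below
 * and does not appear in the NT 4.0 table above.
 */
#define	SE_CREATE_TOKEN_NAME		"SeCreateTokenPrivilege"
#define	SE_ASSIGNPRIMARYTOKEN_NAME	"SeAssignPrimaryTokenPrivilege"
#define	SE_LOCK_MEMORY_NAME		"SeLockMemoryPrivilege"
#define	SE_INCREASE_QUOTA_NAME		"SeIncreaseQuotaPrivilege"
#define	SE_UNSOLICITED_INPUT_NAME	"SeUnsolicitedInputPrivilege"
#define	SE_MACHINE_ACCOUNT_NAME		"SeMachineAccountPrivilege"
#define	SE_TCB_NAME			"SeTcbPrivilege"
#define	SE_SECURITY_NAME		"SeSecurityPrivilege"
#define	SE_TAKE_OWNERSHIP_NAME		"SeTakeOwnershipPrivilege"
#define	SE_LOAD_DRIVER_NAME		"SeLoadDriverPrivilege"
#define	SE_SYSTEM_PROFILE_NAME		"SeSystemProfilePrivilege"
#define	SE_SYSTEMTIME_NAME		"SeSystemtimePrivilege"
#define	SE_PROF_SINGLE_PROCESS_NAME	"SeProfileSingleProcessPrivilege"
#define	SE_INC_BASE_PRIORITY_NAME	"SeIncreaseBasePriorityPrivilege"
#define	SE_CREATE_PAGEFILE_NAME		"SeCreatePagefilePrivilege"
#define	SE_CREATE_PERMANENT_NAME	"SeCreatePermanentPrivilege"
#define	SE_BACKUP_NAME			"SeBackupPrivilege"
#define	SE_RESTORE_NAME			"SeRestorePrivilege"
#define	SE_SHUTDOWN_NAME		"SeShutdownPrivilege"
#define	SE_DEBUG_NAME			"SeDebugPrivilege"
#define	SE_AUDIT_NAME			"SeAuditPrivilege"
#define	SE_SYSTEM_ENVIRONMENT_NAME	"SeSystemEnvironmentPrivilege"
#define	SE_CHANGE_NOTIFY_NAME		"SeChangeNotifyPrivilege"
#define	SE_REMOTE_SHUTDOWN_NAME		"SeRemoteShutdownPrivilege"

/*
 * Privilege LUIDs (low part only; the high part is always zero here).
 *
 * SE_MIN_LUID..SE_MAX_LUID is the contiguous range of valid ids.
 * Any lookup keyed by an id that came from the network should be
 * range-checked against these two bounds before it is used as an
 * index — the prototypes below do not show whether the implementation
 * does so, so confirm there before relying on it.
 */
#define	SE_MIN_LUID			2
#define	SE_CREATE_TOKEN_LUID		2
#define	SE_ASSIGNPRIMARYTOKEN_LUID	3
#define	SE_LOCK_MEMORY_LUID		4
#define	SE_INCREASE_QUOTA_LUID		5
#define	SE_MACHINE_ACCOUNT_LUID		6
#define	SE_TCB_LUID			7
#define	SE_SECURITY_LUID		8
#define	SE_TAKE_OWNERSHIP_LUID		9
#define	SE_LOAD_DRIVER_LUID		10
#define	SE_SYSTEM_PROFILE_LUID		11
#define	SE_SYSTEMTIME_LUID		12
#define	SE_PROF_SINGLE_PROCESS_LUID	13
#define	SE_INC_BASE_PRIORITY_LUID	14
#define	SE_CREATE_PAGEFILE_LUID		15
#define	SE_CREATE_PERMANENT_LUID	16
#define	SE_BACKUP_LUID			17
#define	SE_RESTORE_LUID			18
#define	SE_SHUTDOWN_LUID		19
#define	SE_DEBUG_LUID			20
#define	SE_AUDIT_LUID			21
#define	SE_SYSTEM_ENVIRONMENT_LUID	22
#define	SE_CHANGE_NOTIFY_LUID		23
#define	SE_REMOTE_SHUTDOWN_LUID		24
#define	SE_MAX_LUID			24

/*
 * Privilege attributes (bit flags stored in smb_luid_attrs_t.attrs).
 * SE_PRIVILEGE_USED_FOR_ACCESS sets the top bit, so attrs must stay a
 * 32-bit unsigned type.
 */
#define	SE_PRIVILEGE_DISABLED		0x00000000
#define	SE_PRIVILEGE_ENABLED_BY_DEFAULT	0x00000001
#define	SE_PRIVILEGE_ENABLED		0x00000002
#define	SE_PRIVILEGE_USED_FOR_ACCESS	0x80000000

/*
 * Privilege Set Control flags (smb_privset_t.control)
 */
#define	PRIVILEGE_SET_ALL_NECESSARY	1

/*
 * Locally Unique Identifier (an NT thing, not a Unix UID).
 * See also: smb_luid_xdr()
 */
typedef struct smb_luid {
	uint32_t lo_part;
	uint32_t hi_part;
} smb_luid_t;

/*
 * Locally Unique Identifier and attributes (again, an NT thing).
 * See also: smb_luid_attrs_xdr()
 */
typedef struct smb_luid_attrs {
	smb_luid_t luid;
	uint32_t attrs;		/* SE_PRIVILEGE_* flags */
} smb_luid_attrs_t;

/*
 * An (NT-style) collection of privileges.
 * See also: smb_privset_xdr()
 *
 * priv[] is a trailing variable-length array (ANY_SIZE_ARRAY comes from
 * <smbsrv/wintypes.h>) and priv_cnt is the number of valid entries.
 * priv_cnt is the only bound on priv[]; when a privset is decoded from
 * the wire, priv_cnt must be validated against the size of the buffer
 * that actually holds it before priv[] is indexed.  Where that check
 * lives is not visible from this header — presumably in the XDR
 * routine or smb_privset_size(); confirm.
 */
typedef struct smb_privset {
	uint32_t priv_cnt;
	uint32_t control;
	smb_luid_attrs_t priv[ANY_SIZE_ARRAY];
} smb_privset_t;

/*
 * These are possible values for smb_privinfo_t.flags
 *
 * PF_PRESENTABLE	Privilege is user visible
 */
#define	PF_PRESENTABLE		0x1

/*
 * Structure for passing privilege name and id information around within
 * the system.  Note that we are only storing the low uint32_t of the LUID;
 * the high part is always zero here.
 */
typedef struct smb_privinfo {
	uint32_t id;
	char *name;
	char *display_name;
	uint16_t flags;		/* PF_* flags */
} smb_privinfo_t;

/*
 * Lookup helpers.  Whether the returned smb_privinfo_t points into a
 * static table or into storage the caller must free is not visible
 * here; check the implementation before caching or freeing the result.
 * Both presumably return NULL when nothing matches — confirm.
 */
smb_privinfo_t *smb_priv_getbyvalue(uint32_t id);
smb_privinfo_t *smb_priv_getbyname(char *name);

/*
 * Enumeration of user-visible (PF_PRESENTABLE) privileges.
 * smb_priv_presentable_ids() fills at most num entries of ids.
 */
int smb_priv_presentable_num(void);
int smb_priv_presentable_ids(uint32_t *ids, int num);

/*
 * Privilege-set lifecycle.
 *
 * smb_privset_new() allocates a set and smb_privset_free() releases it;
 * smb_privset_size() returns the byte size of a set (presumably the
 * size smb_privset_new() allocates, so that callers can size their own
 * storage for smb_privset_init()/smb_privset_copy() — confirm).
 *
 * smb_privset_copy() and smb_privset_merge() carry no explicit dst
 * capacity; dst must already be large enough for src->priv_cnt entries.
 *
 * The two zero-argument declarations use "(void)" so that calls with
 * stray arguments are rejected at compile time; this is compatible with
 * either "()" or "(void)" in the definitions.
 */
smb_privset_t *smb_privset_new(void);
int smb_privset_size(void);
void smb_privset_init(smb_privset_t *privset);
void smb_privset_free(smb_privset_t *privset);
void smb_privset_copy(smb_privset_t *dst, smb_privset_t *src);
void smb_privset_merge(smb_privset_t *dst, smb_privset_t *src);

/*
 * Enable the privilege with LUID low part "id" in privset, and query
 * whether it is enabled.  Enabling is an access-control decision (see
 * the note at the top of this file); id should be within
 * SE_MIN_LUID..SE_MAX_LUID.
 */
void smb_privset_enable(smb_privset_t *privset, uint32_t id);
int smb_privset_query(smb_privset_t *privset, uint32_t id);
void smb_privset_log(smb_privset_t *privset);

#ifdef __cplusplus
}
#endif

#endif /* _SMB_PRIVILEGE_H */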