1575 untangle libmlrpc ... (smbsrv)
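--- a/usr/src/uts/common/smbsrv/smb_privilege.h
+++ b/usr/src/uts/common/smbsrv/smb_privilege.h
@@ -1,205 +1,205 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 *
 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
 */
 
 #ifndef _SMB_PRIVILEGE_H
 #define _SMB_PRIVILEGE_H
 
-#include <smbsrv/wintypes.h>
+#include <smb/wintypes.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 /*
 * Privileges
 *
 * Privileges apply to all objects and over-ride the access controls
 * in an object's security descriptor in a manner specific to each
 * privilege. Privileges are still not full defined. Privileges are
 * defined in a set structure (LUID = Locally Unique Identifier).
 *
 * The default LUID, name and display names defined on NT 4.0 are:
 * LUID Privilege Name Display Name
 * ---- -------------- ------------
 * 0:2 SeCreateTokenPrivilege Create a token object
 * 0:3 SeAssignPrimaryTokenPrivilege Replace a process level token
 * 0:4 SeLockMemoryPrivilege Lock pages in memory
 * 0:5 SeIncreaseQuotaPrivilege Increase quotas
 * 0:6 SeMachineAccountPrivilege Add workstations to domain
 * 0:7 SeTcbPrivilege Act as part of the operating system
 * 0:8 SeSecurityPrivilege Manage auditing and security log
 * 0:9 SeTakeOwnershipPrivilege Take ownership of files or other objects
 * 0:10 SeLoadDriverPrivilege Load and unload device drivers
 * 0:11 SeSystemProfilePrivilege Profile system performance
 * 0:12 SeSystemtimePrivilege Change the system time
 * 0:13 SeProfileSingleProcessPrivilege Profile single process
 * 0:14 SeIncreaseBasePriorityPrivilege Increase scheduling priority
 * 0:15 SeCreatePagefilePrivilege Create a pagefile
 * 0:16 SeCreatePermanentPrivilege Create permanent shared objects
 * 0:17 SeBackupPrivilege Back up files and directories
 * 0:18 SeRestorePrivilege Restore files and directories
 * 0:19 SeShutdownPrivilege Shut down the system
 * 0:20 SeDebugPrivilege Debug programs
 * 0:21 SeAuditPrivilege Generate security audits
 * 0:22 SeSystemEnvironmentPrivilege Modify firmware environment values
 * 0:23 SeChangeNotifyPrivilege Bypass traverse checking
 * 0:24 SeRemoteShutdownPrivilege Force shutdown from a remote system
 */
 
 /*
 * Privilege names
 */
 #define SE_CREATE_TOKEN_NAME "SeCreateTokenPrivilege"
 #define SE_ASSIGNPRIMARYTOKEN_NAME "SeAssignPrimaryTokenPrivilege"
 #define SE_LOCK_MEMORY_NAME "SeLockMemoryPrivilege"
 #define SE_INCREASE_QUOTA_NAME "SeIncreaseQuotaPrivilege"
 #define SE_UNSOLICITED_INPUT_NAME "SeUnsolicitedInputPrivilege"
 #define SE_MACHINE_ACCOUNT_NAME "SeMachineAccountPrivilege"
 #define SE_TCB_NAME "SeTcbPrivilege"
 #define SE_SECURITY_NAME "SeSecurityPrivilege"
 #define SE_TAKE_OWNERSHIP_NAME "SeTakeOwnershipPrivilege"
 #define SE_LOAD_DRIVER_NAME "SeLoadDriverPrivilege"
 #define SE_SYSTEM_PROFILE_NAME "SeSystemProfilePrivilege"
 #define SE_SYSTEMTIME_NAME "SeSystemtimePrivilege"
 #define SE_PROF_SINGLE_PROCESS_NAME "SeProfileSingleProcessPrivilege"
 #define SE_INC_BASE_PRIORITY_NAME "SeIncreaseBasePriorityPrivilege"
 #define SE_CREATE_PAGEFILE_NAME "SeCreatePagefilePrivilege"
 #define SE_CREATE_PERMANENT_NAME "SeCreatePermanentPrivilege"
 #define SE_BACKUP_NAME "SeBackupPrivilege"
 #define SE_RESTORE_NAME "SeRestorePrivilege"
 #define SE_SHUTDOWN_NAME "SeShutdownPrivilege"
 #define SE_DEBUG_NAME "SeDebugPrivilege"
 #define SE_AUDIT_NAME "SeAuditPrivilege"
 #define SE_SYSTEM_ENVIRONMENT_NAME "SeSystemEnvironmentPrivilege"
 #define SE_CHANGE_NOTIFY_NAME "SeChangeNotifyPrivilege"
 #define SE_REMOTE_SHUTDOWN_NAME "SeRemoteShutdownPrivilege"
 
 #define SE_MIN_LUID 2
 #define SE_CREATE_TOKEN_LUID 2
 #define SE_ASSIGNPRIMARYTOKEN_LUID 3
 #define SE_LOCK_MEMORY_LUID 4
 #define SE_INCREASE_QUOTA_LUID 5
 #define SE_MACHINE_ACCOUNT_LUID 6
 #define SE_TCB_LUID 7
 #define SE_SECURITY_LUID 8
 #define SE_TAKE_OWNERSHIP_LUID 9
 #define SE_LOAD_DRIVER_LUID 10
 #define SE_SYSTEM_PROFILE_LUID 11
 #define SE_SYSTEMTIME_LUID 12
 #define SE_PROF_SINGLE_PROCESS_LUID 13
 #define SE_INC_BASE_PRIORITY_LUID 14
 #define SE_CREATE_PAGEFILE_LUID 15
 #define SE_CREATE_PERMANENT_LUID 16
 #define SE_BACKUP_LUID 17
 #define SE_RESTORE_LUID 18
 #define SE_SHUTDOWN_LUID 19
 #define SE_DEBUG_LUID 20
 #define SE_AUDIT_LUID 21
 #define SE_SYSTEM_ENVIRONMENT_LUID 22
 #define SE_CHANGE_NOTIFY_LUID 23
 #define SE_REMOTE_SHUTDOWN_LUID 24
 #define SE_MAX_LUID 24
 
 /*
 * Privilege attributes
 */
 #define SE_PRIVILEGE_DISABLED 0x00000000
 #define SE_PRIVILEGE_ENABLED_BY_DEFAULT 0x00000001
 #define SE_PRIVILEGE_ENABLED 0x00000002
 #define SE_PRIVILEGE_USED_FOR_ACCESS 0x80000000
 
 /*
 * Privilege Set Control flags
 */
 #define PRIVILEGE_SET_ALL_NECESSARY 1
 
 /*
 * Local User ID (an NT thing, not a Unix UID)
 * See also: smb_luid_xdr()
 */
 typedef struct smb_luid {
 uint32_t lo_part;
 uint32_t hi_part;
 } smb_luid_t;
 
 /*
 * Local User ID and attributes (again, an NT thing)
 * See also: smb_luid_attrs_xdr()
 */
 typedef struct smb_luid_attrs {
 smb_luid_t luid;
 uint32_t attrs;
 } smb_luid_attrs_t;
 
 /*
 * An (NT-style) collection of privileges.
 * See also: smb_privset_xdr()
 */
 typedef struct smb_privset {
 uint32_t priv_cnt;
 uint32_t control;
 smb_luid_attrs_t priv[ANY_SIZE_ARRAY];
 } smb_privset_t;
 
 /*
 * These are possible value for smb_privinfo_t.flags
 *
 * PF_PRESENTABLE Privilege is user visible
 */
 #define PF_PRESENTABLE 0x1
 
 /*
 * Structure for passing privilege name and id information around within
 * the system. Note that we are only storing the low uint32_t of the LUID;
 * the high part is always zero here.
 */
 typedef struct smb_privinfo {
 uint32_t id;
 char *name;
 char *display_name;
 uint16_t flags;
 } smb_privinfo_t;
 
 smb_privinfo_t *smb_priv_getbyvalue(uint32_t id);
 smb_privinfo_t *smb_priv_getbyname(char *name);
 int smb_priv_presentable_num(void);
 int smb_priv_presentable_ids(uint32_t *ids, int num);
 smb_privset_t *smb_privset_new();
 int smb_privset_size();
 void smb_privset_init(smb_privset_t *privset);
 void smb_privset_free(smb_privset_t *privset);
 void smb_privset_copy(smb_privset_t *dst, smb_privset_t *src);
 void smb_privset_merge(smb_privset_t *dst, smb_privset_t *src);
 void smb_privset_enable(smb_privset_t *privset, uint32_t id);
 int smb_privset_query(smb_privset_t *privset, uint32_t id);
 void smb_privset_log(smb_privset_t *privset);
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _SMB_PRIVILEGE_H */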