svn commit: samba r4196 - in branches/SAMBA_4_0/source: libcli/security rpc_server/lsa

tridge at samba.org tridge at samba.org
Tue Dec 14 05:51:02 GMT 2004


Author: tridge
Date: 2004-12-14 05:51:01 +0000 (Tue, 14 Dec 2004)
New Revision: 4196

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4196

Log:
- added server side code for lsa_LookupPrivDisplayName

- added English descriptions of privileges. We should add other
  languages in the future.





Modified:
   branches/SAMBA_4_0/source/libcli/security/privilege.c
   branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/security/privilege.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/security/privilege.c	2004-12-14 05:32:51 UTC (rev 4195)
+++ branches/SAMBA_4_0/source/libcli/security/privilege.c	2004-12-14 05:51:01 UTC (rev 4196)
@@ -27,31 +27,103 @@
 static const struct {
 	enum sec_privilege privilege;
 	const char *name;
+	const char *display_name;
 } privilege_names[] = {
-	{SEC_PRIV_SECURITY,                   "SeSecurityPrivilege"},
-	{SEC_PRIV_BACKUP,                     "SeBackupPrivilege"},
-	{SEC_PRIV_RESTORE,                    "SeRestorePrivilege"},
-	{SEC_PRIV_SYSTEMTIME,                 "SeSystemtimePrivilege"},
-	{SEC_PRIV_SHUTDOWN,                   "SeShutdownPrivilege"},
-	{SEC_PRIV_REMOTE_SHUTDOWN,            "SeRemoteShutdownPrivilege"},
-	{SEC_PRIV_TAKE_OWNERSHIP,             "SeTakeOwnershipPrivilege"},
-	{SEC_PRIV_DEBUG,                      "SeDebugPrivilege"},
-	{SEC_PRIV_SYSTEM_ENVIRONMENT,         "SeSystemEnvironmentPrivilege"},
-	{SEC_PRIV_SYSTEM_PROFILE,             "SeSystemProfilePrivilege"},
-	{SEC_PRIV_PROFILE_SINGLE_PROCESS,     "SeProfileSingleProcessPrivilege"},
-	{SEC_PRIV_INCREASE_BASE_PRIORITY,     "SeIncreaseBasePriorityPrivilege"},
-	{SEC_PRIV_LOAD_DRIVER,                "SeLoadDriverPrivilege"},
-	{SEC_PRIV_CREATE_PAGEFILE,            "SeCreatePagefilePrivilege"},
-	{SEC_PRIV_INCREASE_QUOTA,             "SeIncreaseQuotaPrivilege"},
-	{SEC_PRIV_CHANGE_NOTIFY,              "SeChangeNotifyPrivilege"},
-	{SEC_PRIV_UNDOCK,                     "SeUndockPrivilege"},
-	{SEC_PRIV_MANAGE_VOLUME,              "SeManageVolumePrivilege"},
-	{SEC_PRIV_IMPERSONATE,                "SeImpersonatePrivilege"},
-	{SEC_PRIV_CREATE_GLOBAL,              "SeCreateGlobalPrivilege"},
-	{SEC_PRIV_ENABLE_DELEGATION,          "SeEnableDelegationPrivilege"},
-	{SEC_PRIV_INTERACTIVE_LOGON,          "SeInteractiveLogonRight"},
-	{SEC_PRIV_NETWORK_LOGON,              "SeNetworkLogonRight"},
-	{SEC_PRIV_REMOTE_INTERACTIVE_LOGON,   "SeRemoteInteractiveLogonRight"}
+	{SEC_PRIV_SECURITY,                   
+	 "SeSecurityPrivilege",
+	"System security"},
+
+	{SEC_PRIV_BACKUP,                     
+	 "SeBackupPrivilege",
+	 "Backup files and directories"},
+
+	{SEC_PRIV_RESTORE,                    
+	 "SeRestorePrivilege",
+	"Restore files and directories"},
+
+	{SEC_PRIV_SYSTEMTIME,                 
+	 "SeSystemtimePrivilege",
+	"Set the system clock"},
+
+	{SEC_PRIV_SHUTDOWN,                   
+	 "SeShutdownPrivilege",
+	"Shutdown the system"},
+
+	{SEC_PRIV_REMOTE_SHUTDOWN,            
+	 "SeRemoteShutdownPrivilege",
+	"Shutdown the system remotely"},
+
+	{SEC_PRIV_TAKE_OWNERSHIP,             
+	 "SeTakeOwnershipPrivilege",
+	"Take ownership of files and directories"},
+
+	{SEC_PRIV_DEBUG,                      
+	 "SeDebugPrivilege",
+	"Debug processes"},
+
+	{SEC_PRIV_SYSTEM_ENVIRONMENT,         
+	 "SeSystemEnvironmentPrivilege",
+	"Modify system environment"},
+
+	{SEC_PRIV_SYSTEM_PROFILE,             
+	 "SeSystemProfilePrivilege",
+	"Profile the system"},
+
+	{SEC_PRIV_PROFILE_SINGLE_PROCESS,     
+	 "SeProfileSingleProcessPrivilege",
+	"Profile one process"},
+
+	{SEC_PRIV_INCREASE_BASE_PRIORITY,     
+	 "SeIncreaseBasePriorityPrivilege",
+	 "Increase base priority"},
+
+	{SEC_PRIV_LOAD_DRIVER,
+	 "SeLoadDriverPrivilege",
+	"Load drivers"},
+
+	{SEC_PRIV_CREATE_PAGEFILE,            
+	 "SeCreatePagefilePrivilege",
+	"Create page files"},
+
+	{SEC_PRIV_INCREASE_QUOTA,
+	 "SeIncreaseQuotaPrivilege",
+	"Increase quota"},
+
+	{SEC_PRIV_CHANGE_NOTIFY,              
+	 "SeChangeNotifyPrivilege",
+	"Register for change notify"},
+
+	{SEC_PRIV_UNDOCK,                     
+	 "SeUndockPrivilege",
+	"Undock devices"},
+
+	{SEC_PRIV_MANAGE_VOLUME,              
+	 "SeManageVolumePrivilege",
+	"Manage system volumes"},
+
+	{SEC_PRIV_IMPERSONATE,                
+	 "SeImpersonatePrivilege",
+	"Impersonate users"},
+
+	{SEC_PRIV_CREATE_GLOBAL,              
+	 "SeCreateGlobalPrivilege",
+	"Create global"},
+
+	{SEC_PRIV_ENABLE_DELEGATION,          
+	 "SeEnableDelegationPrivilege",
+	"Enable Delegation"},
+
+	{SEC_PRIV_INTERACTIVE_LOGON,          
+	 "SeInteractiveLogonRight",
+	"Interactive logon"},
+
+	{SEC_PRIV_NETWORK_LOGON,
+	 "SeNetworkLogonRight",
+	"Network logon"},
+
+	{SEC_PRIV_REMOTE_INTERACTIVE_LOGON,   
+	 "SeRemoteInteractiveLogonRight",
+	"Remote Interactive logon"}
 };
 
 
@@ -70,6 +142,22 @@
 }
 
 /*
+  map a privilege id to a privilege display name. Return NULL if not found
+  
+  TODO: this should use language mappings
+*/
+const char *sec_privilege_display_name(int privilege, uint16_t *language)
+{
+	int i;
+	for (i=0;i<ARRAY_SIZE(privilege_names);i++) {
+		if (privilege_names[i].privilege == privilege) {
+			return privilege_names[i].display_name;
+		}
+	}
+	return NULL;
+}
+
+/*
   map a privilege name to a privilege id. Return -1 if not found
 */
 int sec_privilege_id(const char *name)
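Review bot: The `language` argument of `sec_privilege_display_name()` is never read in the added body, and the header comment says neither that nor who owns the returned pointer. Because the result points into the static `privilege_names` table, I would extend the comment with something like `language is currently ignored (English only); the returned string is static storage and must not be freed or modified by the caller`. Separately, `int i` is compared against `ARRAY_SIZE(privilege_names)`, which is presumably an unsigned `sizeof` expression; declaring `size_t i;` would avoid the signed/unsigned comparison.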

Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2004-12-14 05:32:51 UTC (rev 4195)
+++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2004-12-14 05:51:01 UTC (rev 4196)
@@ -852,17 +852,64 @@
 				   TALLOC_CTX *mem_ctx,
 				   struct lsa_LookupPrivName *r)
 {
-	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+	struct dcesrv_handle *h;
+	struct lsa_policy_state *state;
+	const char *privname;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	state = h->data;
+
+	if (r->in.luid->high != 0) {
+		return NT_STATUS_NO_SUCH_PRIVILEGE;
+	}
+
+	privname = sec_privilege_name(r->in.luid->low);
+	if (privname == NULL) {
+		return NT_STATUS_NO_SUCH_PRIVILEGE;
+	}
+
+	r->out.name = talloc_p(mem_ctx, struct lsa_String);
+	if (r->out.name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	r->out.name->string = privname;
+
+	return NT_STATUS_OK;	
 }
 
 
 /* 
   lsa_LookupPrivDisplayName
 */
-static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-		       struct lsa_LookupPrivDisplayName *r)
+static NTSTATUS lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call, 
+					  TALLOC_CTX *mem_ctx,
+					  struct lsa_LookupPrivDisplayName *r)
 {
-	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+	struct dcesrv_handle *h;
+	struct lsa_policy_state *state;
+	int id;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	state = h->data;
+
+	id = sec_privilege_id(r->in.name->string);
+	if (id == -1) {
+		return NT_STATUS_NO_SUCH_PRIVILEGE;
+	}
+	
+	r->out.disp_name = talloc_p(mem_ctx, struct lsa_String);
+	if (r->out.disp_name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	r->out.disp_name->string = sec_privilege_display_name(id, r->in.language_id);
+	if (r->out.disp_name->string == NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	return NT_STATUS_OK;
 }
 
 
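Review bot: In `lsa_LookupPrivDisplayName`, the client-supplied `r->in.name->string` is passed to `sec_privilege_id()` without a NULL check. If the IDL permits a null string pointer and `sec_privilege_id()` compares names unguarded (its body is outside this hunk), one malformed request could crash the RPC server process. A guard before the lookup, e.g. `if (r->in.name->string == NULL) return NT_STATUS_INVALID_PARAMETER;`, removes that dependency on the marshalling layer. In both new handlers `state = h->data` is assigned but never used in the visible code, so either drop it or use it for an access-mask check on the policy handle; the hunk only shows `DCESRV_PULL_HANDLE` validating the handle type. The signature of `lsa_LookupPrivName` starts above the hunk.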


