svn commit: samba r5712 - in trunk/source: include lib utils

jerry at samba.org jerry at samba.org
Wed Mar 9 18:49:06 GMT 2005


Author: jerry
Date: 2005-03-09 18:49:05 +0000 (Wed, 09 Mar 2005)
New Revision: 5712

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=5712

Log:
add SeBackupPrivlege string to make MS Print Migrator happy
Modified:
   trunk/source/include/privileges.h
   trunk/source/lib/privileges.c
   trunk/source/utils/net_rpc_rights.c


Changeset:
Modified: trunk/source/include/privileges.h
===================================================================
--- trunk/source/include/privileges.h	2005-03-09 18:47:38 UTC (rev 5711)
+++ trunk/source/include/privileges.h	2005-03-09 18:49:05 UTC (rev 5712)
@@ -6,7 +6,7 @@
    Copyright (C) Luke Kenneth Casson Leighton 1996-1997
    Copyright (C) Paul Ashton 1997
    Copyright (C) Simo Sorce 2003
-   Copyright (C) Gerald (Jerry) Carter 2004
+   Copyright (C) Gerald (Jerry) Carter 2005
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -57,6 +57,7 @@
 #define SE_ADD_USERS			{ { 0x00000040, 0x00000000, 0x00000000, 0x00000000 } }
 #define SE_DISK_OPERATOR		{ { 0x00000080, 0x00000000, 0x00000000, 0x00000000 } }
 #define SE_REMOTE_SHUTDOWN		{ { 0x00000100, 0x00000000, 0x00000000, 0x00000000 } }
+#define SE_BACKUP			{ { 0x00000200, 0x00000000, 0x00000000, 0x00000000 } }
 
 /* defined in lib/privilegs.c */
 

Modified: trunk/source/lib/privileges.c
===================================================================
--- trunk/source/lib/privileges.c	2005-03-09 18:47:38 UTC (rev 5711)
+++ trunk/source/lib/privileges.c	2005-03-09 18:49:05 UTC (rev 5712)
@@ -3,7 +3,7 @@
    Privileges handling functions
    Copyright (C) Jean François Micouleau	1998-2001
    Copyright (C) Simo Sorce			2002-2003
-   Copyright (C) Gerald (Jerry) Carter          2004
+   Copyright (C) Gerald (Jerry) Carter          2005
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -40,6 +40,43 @@
 const SE_PRIV se_disk_operators  = SE_DISK_OPERATOR;
 const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN;
 
+/********************************************************************
+ This is a list of privileges reported by a WIndows 2000 SP4 AD DC
+ just for reference purposes:
+
+            SeCreateTokenPrivilege  Create a token object
+     SeAssignPrimaryTokenPrivilege  Replace a process level token
+             SeLockMemoryPrivilege  Lock pages in memory
+          SeIncreaseQuotaPrivilege  Increase quotas
+         SeMachineAccountPrivilege  Add workstations to domain
+                    SeTcbPrivilege  Act as part of the operating system
+               SeSecurityPrivilege  Manage auditing and security log
+          SeTakeOwnershipPrivilege  Take ownership of files or other objects
+             SeLoadDriverPrivilege  Load and unload device drivers
+          SeSystemProfilePrivilege  Profile system performance
+             SeSystemtimePrivilege  Change the system time
+   SeProfileSingleProcessPrivilege  Profile single process
+   SeIncreaseBasePriorityPrivilege  Increase scheduling priority
+         SeCreatePagefilePrivilege  Create a pagefile
+        SeCreatePermanentPrivilege  Create permanent shared objects
+                 SeBackupPrivilege  Back up files and directories
+                SeRestorePrivilege  Restore files and directories
+               SeShutdownPrivilege  Shut down the system
+                  SeDebugPrivilege  Debug programs
+                  SeAuditPrivilege  Generate security audits
+      SeSystemEnvironmentPrivilege  Modify firmware environment values
+           SeChangeNotifyPrivilege  Bypass traverse checking
+         SeRemoteShutdownPrivilege  Force shutdown from a remote system
+                 SeUndockPrivilege  Remove computer from docking station
+              SeSyncAgentPrivilege  Synchronize directory service data
+       SeEnableDelegationPrivilege  Enable computer and user accounts to be trusted for delegation
+           SeManageVolumePrivilege  Perform volume maintenance tasks
+            SeImpersonatePrivilege  Impersonate a client after authentication
+           SeCreateGlobalPrivilege  Create global objects
+
+********************************************************************/
+
+
 PRIVS privs[] = {
 #if 0	/* usrmgr will display these twice if you include them.  We don't 
 	   use them but we'll keep the bitmasks reserved in privileges.h anyways */
@@ -54,42 +91,11 @@
 	{SE_ADD_USERS,			"SeAddUsersPrivilege",			"Add users and groups to the domain"},
 	{SE_REMOTE_SHUTDOWN,		"SeRemoteShutdownPrivilege",		"Force shutdown from a remote system"},
 	{SE_DISK_OPERATOR,		"SeDiskOperatorPrivilege",		"Manage disk shares"},
+        {SE_BACKUP,                     "SeBackupPrivilege",                    "Back up files and directories"},
 
 	{SE_END,			"",					""}
 };
 
-#if 0	/* not needed currently */
-PRIVS privs[] = {
-	{SE_ASSIGN_PRIMARY_TOKEN,	"SeAssignPrimaryTokenPrivilege",	"Assign Primary Token"},
-	{SE_CREATE_TOKEN,		"SeCreateTokenPrivilege",		"Create Token"},
-	{SE_LOCK_MEMORY,		"SeLockMemoryPrivilege",		"Lock Memory"},
-	{SE_INCREASE_QUOTA,		"SeIncreaseQuotaPrivilege",		"Increase Quota"},
-	{SE_UNSOLICITED_INPUT,		"SeUnsolicitedInputPrivilege",		"Unsolicited Input"},
-	{SE_TCB,			"SeTcbPrivilege",			"Act as part of the operating system"},
-	{SE_SECURITY,			"SeSecurityPrivilege",			"Security Privilege"},
-	{SE_TAKE_OWNERSHIP,		"SeTakeOwnershipPrivilege",		"Take Ownership Privilege"},
-	{SE_LOAD_DRIVER,		"SeLocalDriverPrivilege",		"Local Driver Privilege"},
-	{SE_SYSTEM_PROFILE,		"SeSystemProfilePrivilege",		"System Profile Privilege"},
-	{SE_SYSTEM_TIME,		"SeSystemtimePrivilege",		"System Time"},
-	{SE_PROF_SINGLE_PROCESS,	"SeProfileSingleProcessPrivilege",	"Profile Single Process Privilege"},
-	{SE_INC_BASE_PRIORITY,		"SeIncreaseBasePriorityPrivilege",	"Increase Base Priority Privilege"},
-	{SE_CREATE_PAGEFILE,		"SeCreatePagefilePrivilege",		"Create Pagefile Privilege"},
-	{SE_CREATE_PERMANENT,		"SeCreatePermanentPrivilege",		"Create Permanent"},
-	{SE_BACKUP,			"SeBackupPrivilege",			"Backup Privilege"},
-	{SE_RESTORE,			"SeRestorePrivilege",			"Restore Privilege"},
-	{SE_SHUTDOWN,			"SeShutdownPrivilege",			"Shutdown Privilege"},
-	{SE_DEBUG,			"SeDebugPrivilege",			"Debug Privilege"},
-	{SE_AUDIT,			"SeAuditPrivilege",			"Audit"},
-	{SE_SYSTEM_ENVIRONMENT,		"SeSystemEnvironmentPrivilege",		"System Environment Privilege"},
-	{SE_CHANGE_NOTIFY,		"SeChangeNotifyPrivilege",		"Change Notify"},
-	{SE_UNDOCK,			"SeUndockPrivilege",			"Undock"},
-	{SE_SYNC_AGENT,			"SeSynchronizationAgentPrivilege",	"Synchronization Agent"},
-	{SE_ENABLE_DELEGATION,		"SeEnableDelegationPrivilege",		"Enable Delegation"},
-	{SE_ALL_PRIVS,			"SeAllPrivileges",			"All Privileges"}
-	{SE_END,			"",					""}
-};
-#endif
-
 typedef struct priv_sid_list {
 	SE_PRIV privilege;
 	SID_LIST sids;
@@ -177,6 +183,24 @@
 	return se_priv_equal( &p1, &se_priv_none );
 }
 
+/*********************************************************************
+ Lookup the SE_PRIV value for a privilege name 
+*********************************************************************/
+
+BOOL se_priv_from_name( const char *name, SE_PRIV *mask )
+{
+	int i;
+
+	for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) {
+		if ( strequal( privs[i].name, name ) ) {
+			se_priv_copy( mask, &privs[i].se_priv );
+			return True;
+		}
+	}
+
+	return False;
+}
+
 /***************************************************************************
  dump an SE_PRIV structure to the log files
 ****************************************************************************/
@@ -369,11 +393,9 @@
 	
 	for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) {
 	
-		/* just use the index+1 (so its non-zero) into the 
-		   array as the lower portion of the LUID */
-	
 		if ( se_priv_equal( &privs[i].se_priv, mask ) ) {
 			priv_luid.luid.low = GENERATE_LUID_LOW(i);
+			break;
 		}
 	}
 
@@ -610,6 +632,7 @@
 /****************************************************************************
  initialise a privilege list and set the talloc context 
  ****************************************************************************/
+ 
 NTSTATUS privilege_set_init(PRIVILEGE_SET *priv_set)
 {
 	TALLOC_CTX *mem_ctx;
@@ -664,9 +687,6 @@
 {
 	int i;
 
-	/* don't crash if the source pointer is NULL (since we don't
-	   do priviledges now anyways) */
-
 	if ( !old_la )
 		return NT_STATUS_OK;
 
@@ -731,26 +751,6 @@
 	return name;
 }
 
-/****************************************************************************
- Convert an LUID to a 32-bit mask
-****************************************************************************/
-
-SE_PRIV* luid_to_privilege_mask(const LUID *set)
-{
-	static SE_PRIV mask;
-	int max = count_all_privileges();
-	
-	if (set->high != 0)
-		return NULL;
-
-	if ( set->low > max )
-		return NULL;
-
-	se_priv_copy( &mask, &privs[set->low - 1].se_priv );
-
-	return &mask;
-}
-
 /*******************************************************************
  return the number of elements in the privlege array
 *******************************************************************/

Modified: trunk/source/utils/net_rpc_rights.c
===================================================================
--- trunk/source/utils/net_rpc_rights.c	2005-03-09 18:47:38 UTC (rev 5711)
+++ trunk/source/utils/net_rpc_rights.c	2005-03-09 18:49:05 UTC (rev 5712)
@@ -112,7 +112,7 @@
 	/* Print results */
 	
 	for (i = 0; i < count; i++) {
-		d_printf("%30s  ", privs_name[i] ? privs_name[i] : "*unknown*" );
+		d_printf("%34s  ", privs_name[i] ? privs_name[i] : "*unknown*" );
 		
 		/* try to get the description */
 		



More information about the samba-cvs mailing list