authorGünther Deschner <gd@samba.org>2010-06-03 10:36:05 +0200
committerGünther Deschner <gd@samba.org>2010-06-03 11:00:26 +0200
commitb6a2cea74d90499bd3e239ab696502ae8afed30e (patch)
tree5b2796475ab3e334cd4d39fa25742d756a6b851c
parent102b0cfe62c6486846cdfb4938a83e2be4aad912 (diff)
s3-security: use shared "Standard access rights.".
Guenther
-rw-r--r--source3/include/rpc_secdes.h10
-rw-r--r--source3/include/smb.h2
-rw-r--r--source3/lib/netapi/localgroup.c2
-rw-r--r--source3/lib/netapi/user.c4
-rw-r--r--source3/modules/nfs4_acls.c2
-rw-r--r--source3/rpc_server/srv_lsa_nt.c4
-rw-r--r--source3/rpc_server/srv_samr_nt.c16
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c6
-rw-r--r--source3/rpc_server/srv_winreg_nt.c4
-rw-r--r--source3/smbd/reply.c2
10 files changed, 21 insertions, 31 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 216f8830eb5..d14a95b17b3 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -24,14 +24,4 @@
/* for ADS */
#define SEC_RIGHTS_FULL_CTRL 0xf01ff
-/* Standard access rights. */
-
-#define STD_RIGHT_DELETE_ACCESS 0x00010000
-#define STD_RIGHT_READ_CONTROL_ACCESS 0x00020000
-#define STD_RIGHT_WRITE_DAC_ACCESS 0x00040000
-#define STD_RIGHT_WRITE_OWNER_ACCESS 0x00080000
-#define STD_RIGHT_SYNCHRONIZE_ACCESS 0x00100000
-
-#define STD_RIGHT_ALL_ACCESS 0x001F0000
-
#endif /* _RPC_SECDES_H */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 89b3572d67e..ce8022ab217 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1234,7 +1234,7 @@ struct bitmap {
SYNCHRONIZE_ACCESS)
/* This maps to 0x120116 */
-#define FILE_GENERIC_WRITE (STD_RIGHT_READ_CONTROL_ACCESS|\
+#define FILE_GENERIC_WRITE (SEC_STD_READ_CONTROL|\
FILE_WRITE_DATA|\
FILE_WRITE_ATTRIBUTES|\
FILE_WRITE_EA|\
diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c
index dd0f8d20976..f8832328fe5 100644
--- a/source3/lib/netapi/localgroup.c
+++ b/source3/lib/netapi/localgroup.c
@@ -934,7 +934,7 @@ static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX *mem_ctx,
status = rpccli_lsa_open_policy2(lsa_pipe, mem_ctx,
false,
- STD_RIGHT_READ_CONTROL_ACCESS |
+ SEC_STD_READ_CONTROL |
LSA_POLICY_VIEW_LOCAL_INFORMATION |
LSA_POLICY_LOOKUP_NAMES,
&lsa_handle);
diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
index e291193fa28..c586d11ceb1 100644
--- a/source3/lib/netapi/user.c
+++ b/source3/lib/netapi/user.c
@@ -1770,8 +1770,8 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
SAMR_USER_ACCESS_GET_GROUPS;
break;
case 3:
- user_mask = STD_RIGHT_READ_CONTROL_ACCESS |
- STD_RIGHT_WRITE_DAC_ACCESS |
+ user_mask = SEC_STD_READ_CONTROL |
+ SEC_STD_WRITE_DAC |
SAMR_USER_ACCESS_GET_GROUPS |
SAMR_USER_ACCESS_SET_PASSWORD |
SAMR_USER_ACCESS_SET_ATTRIBUTES |
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 3d4ab295103..83e8f38ae8b 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -553,7 +553,7 @@ static bool smbacl4_fill_ace4(
ace_v4->aceType = ace_nt->type; /* only ACCESS|DENY supported right now */
ace_v4->aceFlags = ace_nt->flags & SEC_ACE_FLAG_VALID_INHERIT;
ace_v4->aceMask = ace_nt->access_mask &
- (STD_RIGHT_ALL_ACCESS | SEC_FILE_ALL);
+ (SEC_STD_ALL | SEC_FILE_ALL);
se_map_generic(&ace_v4->aceMask, &file_generic_mapping);
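Review bot: In `smbacl4_fill_ace4` the mask is applied before `se_map_generic()` runs. `access_mask & (SEC_STD_ALL | SEC_FILE_ALL)` keeps only the standard bits (0x001F0000 under the removed definition) and whatever `SEC_FILE_ALL` covers, so if `SEC_FILE_ALL` is limited to the file-specific low bits, any generic bits are already stripped and the mapping call has nothing left to translate. For a deny ACE that would leave the NFSv4 ACE denying less than the NT ACE requested. Consider mapping first and masking afterwards: `ace_v4->aceMask = ace_nt->access_mask;`, `se_map_generic(&ace_v4->aceMask, &file_generic_mapping);`, `ace_v4->aceMask &= (SEC_STD_ALL | SEC_FILE_ALL);`. The function starts and ends outside this hunk, so first confirm that the caller does not already map generic bits.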
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 7e00e7aa33f..fffb912782c 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1414,7 +1414,7 @@ NTSTATUS _lsa_DeleteObject(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
}
- if (!(info->access & STD_RIGHT_DELETE_ACCESS)) {
+ if (!(info->access & SEC_STD_DELETE)) {
return NT_STATUS_ACCESS_DENIED;
}
@@ -2261,7 +2261,7 @@ NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p,
status = access_check_object(psd, p->server_info->ptok,
NULL, 0,
LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
- LSA_ACCOUNT_VIEW|STD_RIGHT_DELETE_ACCESS,
+ LSA_ACCOUNT_VIEW|SEC_STD_DELETE,
&acc_granted, "_lsa_RemoveAccountRights");
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 30c5c5e839a..fda8515e12b 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -779,7 +779,7 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p,
size_t sd_size = 0;
cinfo = policy_handle_find(p, r->in.handle,
- STD_RIGHT_READ_CONTROL_ACCESS, NULL,
+ SEC_STD_READ_CONTROL, NULL,
struct samr_connect_info, &status);
if (NT_STATUS_IS_OK(status)) {
DEBUG(5,("_samr_QuerySecurity: querying security on SAM\n"));
@@ -789,7 +789,7 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p,
}
dinfo = policy_handle_find(p, r->in.handle,
- STD_RIGHT_READ_CONTROL_ACCESS, NULL,
+ SEC_STD_READ_CONTROL, NULL,
struct samr_domain_info, &status);
if (NT_STATUS_IS_OK(status)) {
DEBUG(5,("_samr_QuerySecurity: querying security on Domain "
@@ -804,7 +804,7 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p,
}
uinfo = policy_handle_find(p, r->in.handle,
- STD_RIGHT_READ_CONTROL_ACCESS, NULL,
+ SEC_STD_READ_CONTROL, NULL,
struct samr_user_info, &status);
if (NT_STATUS_IS_OK(status)) {
DEBUG(10,("_samr_QuerySecurity: querying security on user "
@@ -825,7 +825,7 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p,
}
ginfo = policy_handle_find(p, r->in.handle,
- STD_RIGHT_READ_CONTROL_ACCESS, NULL,
+ SEC_STD_READ_CONTROL, NULL,
struct samr_group_info, &status);
if (NT_STATUS_IS_OK(status)) {
/*
@@ -843,7 +843,7 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p,
}
ainfo = policy_handle_find(p, r->in.handle,
- STD_RIGHT_READ_CONTROL_ACCESS, NULL,
+ SEC_STD_READ_CONTROL, NULL,
struct samr_alias_info, &status);
if (NT_STATUS_IS_OK(status)) {
/*
@@ -5699,7 +5699,7 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p,
DEBUG(5, ("_samr_DeleteUser: %d\n", __LINE__));
uinfo = policy_handle_find(p, r->in.user_handle,
- STD_RIGHT_DELETE_ACCESS, NULL,
+ SEC_STD_DELETE, NULL,
struct samr_user_info, &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -5767,7 +5767,7 @@ NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p,
DEBUG(5, ("samr_DeleteDomainGroup: %d\n", __LINE__));
ginfo = policy_handle_find(p, r->in.group_handle,
- STD_RIGHT_DELETE_ACCESS, NULL,
+ SEC_STD_DELETE, NULL,
struct samr_group_info, &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -5817,7 +5817,7 @@ NTSTATUS _samr_DeleteDomAlias(pipes_struct *p,
DEBUG(5, ("_samr_DeleteDomAlias: %d\n", __LINE__));
ainfo = policy_handle_find(p, r->in.alias_handle,
- STD_RIGHT_DELETE_ACCESS, NULL,
+ SEC_STD_DELETE, NULL,
struct samr_alias_info, &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index 02b3c8d8334..5dc62ef29ba 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -869,7 +869,7 @@ WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p,
/* check access reights (according to MSDN) */
- if ( !(info->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
+ if ( !(info->access_granted & SEC_STD_READ_CONTROL) )
return WERR_ACCESS_DENIED;
/* TODO: handle something besides SECINFO_DACL */
@@ -923,12 +923,12 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p,
switch ( r->in.security_flags ) {
case SECINFO_DACL:
- required_access = STD_RIGHT_WRITE_DAC_ACCESS;
+ required_access = SEC_STD_WRITE_DAC;
break;
case SECINFO_OWNER:
case SECINFO_GROUP:
- required_access = STD_RIGHT_WRITE_OWNER_ACCESS;
+ required_access = SEC_STD_WRITE_OWNER;
break;
case SECINFO_SACL:
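Review bot: `switch ( r->in.security_flags )` compares a bit-flag field for exact equality, so a request that combines flags (for example `SECINFO_DACL|SECINFO_OWNER`) matches none of the visible cases. It is then handled by whatever follows `case SECINFO_SACL:`, which lies outside this hunk. If that path rejects the request the check fails closed, but this should be confirmed and documented in a comment. Otherwise accumulate the requirement per bit, e.g. `if (r->in.security_flags & SECINFO_DACL) required_access |= SEC_STD_WRITE_DAC;` and `if (r->in.security_flags & (SECINFO_OWNER|SECINFO_GROUP)) required_access |= SEC_STD_WRITE_OWNER;`, and require every accumulated bit in the handle's granted access.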
diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c
index 10ea8fef223..28d5ac92376 100644
--- a/source3/rpc_server/srv_winreg_nt.c
+++ b/source3/rpc_server/srv_winreg_nt.c
@@ -851,7 +851,7 @@ WERROR _winreg_GetKeySecurity(pipes_struct *p, struct winreg_GetKeySecurity *r)
/* access checks first */
- if ( !(key->key->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
+ if ( !(key->key->access_granted & SEC_STD_READ_CONTROL) )
return WERR_ACCESS_DENIED;
err = reg_getkeysecurity(p->mem_ctx, key, &secdesc);
@@ -892,7 +892,7 @@ WERROR _winreg_SetKeySecurity(pipes_struct *p, struct winreg_SetKeySecurity *r)
/* access checks first */
- if ( !(key->key->access_granted & STD_RIGHT_WRITE_DAC_ACCESS) )
+ if ( !(key->key->access_granted & SEC_STD_WRITE_DAC) )
return WERR_ACCESS_DENIED;
err = ntstatus_to_werror(unmarshall_sec_desc(p->mem_ctx, r->in.sd->data,
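Review bot: `_winreg_SetKeySecurity` gates the whole operation on `SEC_STD_WRITE_DAC` alone before unmarshalling the caller-supplied descriptor. By contrast, `_svcctl_SetServiceObjectSecurity` in this same commit requires `SEC_STD_WRITE_OWNER` for owner and group changes. If the remainder of the function (outside this hunk) stores the owner or group from that descriptor, a handle opened with only WRITE_DAC could change ownership of the key. Consider deriving the required mask from the request's security-information flags in the same way, and add a comment stating which parts of the descriptor are actually applied.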
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 5107b1a9e23..330e89df18f 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2024,7 +2024,7 @@ void reply_open_and_X(struct smb_request *req)
SSVAL(req->outbuf,smb_vwv11,smb_action);
if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
- SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
+ SIVAL(req->outbuf, smb_vwv15, SEC_STD_ALL);
}
chain_reply(req);
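Review bot: The extended response writes the constant `SEC_STD_ALL` into `smb_vwv15` whenever `EXTENDED_RESPONSE_REQUIRED` is set, and nothing visible in the hunk derives it from the access actually granted on the open. A short comment would stop readers treating it as a computed value: `/* Fixed value advertised to the client; not derived from the access granted on this open. */`. Because this constant goes on the wire, also confirm that the shared `SEC_STD_ALL` is numerically identical to the removed `STD_RIGHT_ALL_ACCESS` (0x001F0000), as its definition is not part of this diff. The body of `reply_open_and_X` starts outside the hunk.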