authorJeremy Allison <jra@samba.org>2000-08-10 19:51:45 +0000
committerJeremy Allison <jra@samba.org>2000-08-10 19:51:45 +0000
commit1e823bc781fdb0738a58f478432c017732b69068 (patch)
tree2e16ea3c32ecdec25787aaf43b908bf3d08a181f
parent1e46bde597eb77ed708649585d6125f8e82dde31 (diff)
Tidied up security rights definitions.
Jeremy. (This used to be commit e466c863f5540e13776f4477b6d58e3fbfe7276d)
-rw-r--r--source3/include/rpc_secdes.h4
-rwxr-xr-xsource3/include/rpc_spoolss.h29
-rw-r--r--source3/include/smb.h15
-rw-r--r--source3/lib/util_seaccess.c8
-rw-r--r--source3/printing/nt_printing.c2
-rw-r--r--source3/rpc_server/srv_lsa.c3
-rw-r--r--source3/rpcclient/display_sec.c8
7 files changed, 30 insertions, 39 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 13b8494b2e..9acc4511e8 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -29,10 +29,6 @@
#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
#define SEC_RIGHTS_NOTIFY 0x00000010
#define SEC_RIGHTS_CREATE_LINK 0x00000020
-#define SEC_RIGHTS_DELETE 0x00010000
-#define SEC_RIGHTS_READ_CONTROL 0x00020000
-#define SEC_RIGHTS_WRITE_DAC 0x00040000
-#define SEC_RIGHTS_WRITE_OWNER 0x00080000
#define SEC_RIGHTS_READ 0x00020019
#define SEC_RIGHTS_FULL_CONTROL 0x000f003f
diff --git a/source3/include/rpc_spoolss.h b/source3/include/rpc_spoolss.h
index 6781dc6aea..1e0a53d9e0 100755
--- a/source3/include/rpc_spoolss.h
+++ b/source3/include/rpc_spoolss.h
@@ -157,28 +157,23 @@
#define PRINTER_ACCESS_USE 0x00000008
#define JOB_ACCESS_ADMINISTER 0x00000010
-#define STANDARD_RIGHTS_READ 0x00020000
-#define STANDARD_RIGHTS_WRITE STANDARD_RIGHTS_READ
-#define STANDARD_RIGHTS_EXECUTE STANDARD_RIGHTS_READ
-#define STANDARD_RIGHTS_REQUIRED 0x000F0000
-
/* Access rights for print servers */
-#define SERVER_ALL_ACCESS STANDARD_RIGHTS_REQUIRED|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
-#define SERVER_READ STANDARD_RIGHTS_READ|SERVER_ACCESS_ENUMERATE
-#define SERVER_WRITE STANDARD_RIGHTS_WRITE|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
-#define SERVER_EXECUTE STANDARD_RIGHTS_EXECUTE|SERVER_ACCESS_ENUMERATE
+#define SERVER_ALL_ACCESS STANDARD_RIGHTS_REQUIRED_ACCESS|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
+#define SERVER_READ STANDARD_RIGHTS_READ_ACCESS|SERVER_ACCESS_ENUMERATE
+#define SERVER_WRITE STANDARD_RIGHTS_WRITE_ACCESS|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
+#define SERVER_EXECUTE STANDARD_RIGHTS_EXECUTE_ACCESS|SERVER_ACCESS_ENUMERATE
/* Access rights for printers */
-#define PRINTER_ALL_ACCESS STANDARD_RIGHTS_REQUIRED|PRINTER_ACCESS_ADMINISTER|PRINTER_ACCESS_USE
-#define PRINTER_READ STANDARD_RIGHTS_READ|PRINTER_ACCESS_USE
-#define PRINTER_WRITE STANDARD_RIGHTS_WRITE|PRINTER_ACCESS_USE
-#define PRINTER_EXECUTE STANDARD_RIGHTS_EXECUTE|PRINTER_ACCESS_USE
+#define PRINTER_ALL_ACCESS STANDARD_RIGHTS_REQUIRED_ACCESS|PRINTER_ACCESS_ADMINISTER|PRINTER_ACCESS_USE
+#define PRINTER_READ STANDARD_RIGHTS_READ_ACCESS|PRINTER_ACCESS_USE
+#define PRINTER_WRITE STANDARD_RIGHTS_WRITE_ACCESS|PRINTER_ACCESS_USE
+#define PRINTER_EXECUTE STANDARD_RIGHTS_EXECUTE_ACCESS|PRINTER_ACCESS_USE
/* Access rights for jobs */
-#define JOB_ALL_ACCESS STANDARD_RIGHTS_REQUIRED|JOB_ACCESS_ADMINISTER
-#define JOB_READ STANDARD_RIGHTS_READ|JOB_ACCESS_ADMINISTER
-#define JOB_WRITE STANDARD_RIGHTS_WRITE|JOB_ACCESS_ADMINISTER
-#define JOB_EXECUTE STANDARD_RIGHTS_EXECUTE|JOB_ACCESS_ADMINISTER
+#define JOB_ALL_ACCESS STANDARD_RIGHTS_REQUIRED_ACCESS|JOB_ACCESS_ADMINISTER
+#define JOB_READ STANDARD_RIGHTS_READ_ACCESS|JOB_ACCESS_ADMINISTER
+#define JOB_WRITE STANDARD_RIGHTS_WRITE_ACCESS|JOB_ACCESS_ADMINISTER
+#define JOB_EXECUTE STANDARD_RIGHTS_EXECUTE_ACCESS|JOB_ACCESS_ADMINISTER
#define POLICY_HND_SIZE 20
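Review bot: The rewritten SERVER_*, PRINTER_* and JOB_* masks are still bare OR-expressions without parentheses, so a test such as `granted & PRINTER_READ` parses as `(granted & STANDARD_RIGHTS_READ_ACCESS) | PRINTER_ACCESS_USE` and is always non-zero. Since every one of these lines is being rewritten anyway, wrap each body, e.g. `#define PRINTER_READ (STANDARD_RIGHTS_READ_ACCESS|PRINTER_ACCESS_USE)`. The header now also relies on the STANDARD_RIGHTS_*_ACCESS names that this commit adds to smb.h, so a one-line comment stating that include-order dependency would help.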
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 03d4b4c9b3..bd7f828747 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1154,21 +1154,22 @@ struct bitmap {
#define WRITE_OWNER_ACCESS (1L<<19)
#define SYNCHRONIZE_ACCESS (1L<<20)
+/* Combinations of standard masks. */
+#define STANDARD_RIGHTS_ALL_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS)
+#define STANDARD_RIGHTS_EXECUTE_ACCESS (READ_CONTROL_ACCESS)
+#define STANDARD_RIGHTS_READ_ACCESS (READ_CONTROL_ACCESS)
+#define STANDARD_RIGHTS_REQUIRED_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS)
+#define STANDARD_RIGHTS_WRITE_ACCESS (READ_CONTROL_ACCESS)
+
#define SYSTEM_SECURITY_ACCESS (1L<<24)
+#define MAXIMUM_ALLOWED_ACCESS (1L<<25)
#define GENERIC_ALL_ACCESS (1<<28)
#define GENERIC_EXECUTE_ACCESS (1<<29)
#define GENERIC_WRITE_ACCESS (1<<30)
#define GENERIC_READ_ACCESS (((unsigned)1)<<31)
-#define FILE_ALL_STANDARD_ACCESS 0x1F0000
-
/* Mapping of access rights to UNIX perms. */
-#if 0 /* Don't use all here... JRA. */
-#define UNIX_ACCESS_RWX (FILE_ALL_ATTRIBUTES|FILE_ALL_STANDARD_ACCESS)
-#else
#define UNIX_ACCESS_RWX (UNIX_ACCESS_R|UNIX_ACCESS_W|UNIX_ACCESS_X)
-#endif
-
#define UNIX_ACCESS_R (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\
FILE_READ_ATTRIBUTES|FILE_READ_EA|FILE_READ_DATA)
#define UNIX_ACCESS_W (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\
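Review bot: The new "Combinations of standard masks" block is under-documented: STANDARD_RIGHTS_READ_ACCESS, STANDARD_RIGHTS_WRITE_ACCESS and STANDARD_RIGHTS_EXECUTE_ACCESS all expand to READ_CONTROL_ACCESS, which reads like a copy-paste slip unless the header says it is intended. A comment such as `/* READ, WRITE and EXECUTE deliberately all equal READ_CONTROL_ACCESS; object-specific bits are OR-ed in by the caller. */` would settle it. MAXIMUM_ALLOWED_ACCESS sits among grantable bits with no explanation; going by the util_seaccess.c hunk in this commit, which clears it before evaluating the DACL, it is a request-only flag, and `/* Request flag only: cleared before the desired mask is checked against the DACL. */` would say so.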
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 486db7c8c8..cacdad16fd 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -241,16 +241,16 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user,
/*
* The owner always has SEC_RIGHTS_WRITE_DAC.
*/
- if (tmp_acc_desired & SEC_RIGHTS_WRITE_DAC)
- tmp_acc_desired &= ~SEC_RIGHTS_WRITE_DAC;
+ if (tmp_acc_desired & WRITE_DAC_ACCESS)
+ tmp_acc_desired &= ~WRITE_DAC_ACCESS;
}
}
}
acl = sd->dacl;
- if (tmp_acc_desired & SEC_RIGHTS_MAXIMUM_ALLOWED) {
- tmp_acc_desired &= ~SEC_RIGHTS_MAXIMUM_ALLOWED;
+ if (tmp_acc_desired & MAXIMUM_ALLOWED_ACCESS) {
+ tmp_acc_desired &= ~MAXIMUM_ALLOWED_ACCESS;
return get_max_access( acl, token, acc_granted, tmp_acc_desired, status);
}
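Review bot: The comment above the first changed test still names `SEC_RIGHTS_WRITE_DAC`, which this commit deletes from rpc_secdes.h; it should read `* The owner always has WRITE_DAC_ACCESS.`. The guard is also redundant, because `tmp_acc_desired &= ~WRITE_DAC_ACCESS;` alone has the same effect. In the visible lines only WRITE_DAC is granted implicitly to the owner; whether READ_CONTROL is meant to be implicit as well cannot be judged here, since se_access_check starts and ends outside the hunk.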
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 2f32a5ac2e..eefcd2384d 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -1987,7 +1987,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(void)
}
}
- init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+ init_sec_access(&sa, PRINTER_ACE_MANAGE_DOCUMENTS | PRINTER_ACE_PRINT);
init_sec_ace(&ace[1], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
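Review bot: The ACE built for `owner_sid` drops from `PRINTER_ACE_FULL_CONTROL` to `PRINTER_ACE_MANAGE_DOCUMENTS | PRINTER_ACE_PRINT`, which changes the default printer security descriptor rather than tidying a definition, and neither the code nor the commit description records why. A comment above the call, e.g. `/* Owner may print and manage documents but does not get full control by default. */`, would make the intent reviewable. It is worth confirming that ace[0], built outside this hunk, still leaves some principal able to administer a printer that carries only this default descriptor.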
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index dc97d6db44..f37bb249ba 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -305,8 +305,7 @@ static void init_lsa_trans_names(DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn,
memset(dom_name, '\0', sizeof(dom_name));
memset(name, '\0', sizeof(name));
- status = winbind_lookup_sid(&find_sid, dom_name, name,
- &sid_name_use);
+ status = lookup_sid(&find_sid, dom_name, name, &sid_name_use);
if (!status) {
sid_name_use = SID_NAME_UNKNOWN;
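Review bot: Swapping `winbind_lookup_sid` for `lookup_sid` changes which resolver answers the SID-to-name lookup in init_lsa_trans_names, yet the call site and the commit description are silent about it. A short comment above the call stating which sources `lookup_sid` consults, and in what order, would make the change auditable. `dom_name` and `name` are passed without lengths, so the callee presumably relies on their declared size; the declarations are outside this hunk and should be checked against what `lookup_sid` expects.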
diff --git a/source3/rpcclient/display_sec.c b/source3/rpcclient/display_sec.c
index 44e7e6e8aa..a428a95686 100644
--- a/source3/rpcclient/display_sec.c
+++ b/source3/rpcclient/display_sec.c
@@ -64,10 +64,10 @@ static const char *get_sec_mask_str(uint32 type)
case SEC_RIGHTS_ENUM_SUBKEYS : fstrcat(typestr, "Enum "); break;
case SEC_RIGHTS_NOTIFY : fstrcat(typestr, "Notify "); break;
case SEC_RIGHTS_CREATE_LINK : fstrcat(typestr, "CreateLink "); break;
- case SEC_RIGHTS_DELETE : fstrcat(typestr, "Delete "); break;
- case SEC_RIGHTS_READ_CONTROL : fstrcat(typestr, "ReadControl "); break;
- case SEC_RIGHTS_WRITE_DAC : fstrcat(typestr, "WriteDAC "); break;
- case SEC_RIGHTS_WRITE_OWNER : fstrcat(typestr, "WriteOwner "); break;
+ case DELETE_ACCESS : fstrcat(typestr, "Delete "); break;
+ case READ_CONTROL_ACCESS : fstrcat(typestr, "ReadControl "); break;
+ case WRITE_DAC_ACCESS : fstrcat(typestr, "WriteDAC "); break;
+ case WRITE_OWNER_ACCESS : fstrcat(typestr, "WriteOwner "); break;
}
type &= ~(1 << i);
}