diff options
author | Tim Potter <tpot@samba.org> | 2003-07-25 00:39:06 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2003-07-25 00:39:06 +0000 |
commit | 2a7f874c4a7d14e31af63b1355363f193bcd6358 (patch) | |
tree | 8b371ea436d23b8a6be69208a50c047295f6fab1 | |
parent | 77373f1f8e3b2f61e9bbcd9fadfb83257d390cf2 (diff) | |
download | samba-2a7f874c4a7d14e31af63b1355363f193bcd6358.tar.gz samba-2a7f874c4a7d14e31af63b1355363f193bcd6358.tar.bz2 samba-2a7f874c4a7d14e31af63b1355363f193bcd6358.zip |
Jean-Baptiste Marchand on the ethereal list used some auditing tricks to
discover names for the SAMR specific permissions that were previously unknown.
The existing constant names differ from what win2k calls them but since they
aren't heavily used in Samba at the moment I'll leave them as they are.
Jean-Baptiste's data is at:
http://ethereal.ntop.org/lists/ethereal-dev/200307/msg00314.html
(This used to be commit ae77e9e55438a9807da3696fd0d31fba6d0f7370)
-rw-r--r-- | source3/include/rpc_secdes.h | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index fb7060cde3..5e718f8167 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -305,12 +305,12 @@ typedef struct standard_mapping { SA_RIGHT_FILE_EXECUTE) -/* SAM Object specific access rights */ +/* SAM server specific access rights */ -#define SA_RIGHT_SAM_UNKNOWN_1 0x00000001 +#define SA_RIGHT_SAM_CONNECT_SERVER 0x00000001 #define SA_RIGHT_SAM_SHUTDOWN_SERVER 0x00000002 -#define SA_RIGHT_SAM_UNKNOWN_4 0x00000004 -#define SA_RIGHT_SAM_UNKNOWN_8 0x00000008 +#define SA_RIGHT_SAM_INITIALISE_SERVER 0x00000004 +#define SA_RIGHT_SAM_CREATE_DOMAIN 0x00000008 #define SA_RIGHT_SAM_ENUM_DOMAINS 0x00000010 #define SA_RIGHT_SAM_OPEN_DOMAIN 0x00000020 @@ -326,14 +326,14 @@ typedef struct standard_mapping { #define GENERIC_RIGHTS_SAM_WRITE \ (STANDARD_RIGHTS_WRITE_ACCESS | \ - SA_RIGHT_SAM_UNKNOWN_8 | \ - SA_RIGHT_SAM_UNKNOWN_4 | \ + SA_RIGHT_SAM_CREATE_DOMAIN | \ + SA_RIGHT_SAM_INITIALISE_SERVER | \ SA_RIGHT_SAM_SHUTDOWN_SERVER) #define GENERIC_RIGHTS_SAM_EXECUTE \ (STANDARD_RIGHTS_EXECUTE_ACCESS | \ SA_RIGHT_SAM_OPEN_DOMAIN | \ - SA_RIGHT_SAM_UNKNOWN_1) + SA_RIGHT_SAM_CONNECT_SERVER) /* Domain Object specific access rights */ @@ -388,8 +388,8 @@ typedef struct standard_mapping { #define SA_RIGHT_USER_CHANGE_PASSWORD 0x00000040 #define SA_RIGHT_USER_SET_PASSWORD 0x00000080 #define SA_RIGHT_USER_GET_GROUPS 0x00000100 -#define SA_RIGHT_USER_UNKNOWN_200 0x00000200 -#define SA_RIGHT_USER_UNKNOWN_400 0x00000400 +#define SA_RIGHT_USER_READ_GROUP_MEM 0x00000200 +#define SA_RIGHT_USER_CHANGE_GROUP_MEM 0x00000400 #define SA_RIGHT_USER_ALL_ACCESS 0x000007FF @@ -399,7 +399,7 @@ typedef struct standard_mapping { #define GENERIC_RIGHTS_USER_READ \ (STANDARD_RIGHTS_READ_ACCESS | \ - SA_RIGHT_USER_UNKNOWN_200 | \ + SA_RIGHT_USER_READ_GROUP_MEM | \ SA_RIGHT_USER_GET_GROUPS | \ SA_RIGHT_USER_ACCT_FLAGS_EXPIRY | \ SA_RIGHT_USER_GET_LOGONINFO | \ |