summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2010-06-02 23:57:09 +0200
committerGünther Deschner <gd@samba.org>2010-06-03 11:00:25 +0200
commitb5c2af94475337b4769dc464a695ee29bc5e87c7 (patch)
tree735631192dcf23db54393979309f36b75a0db14d
parent37b978c343b5727c7257d7a0a574ba82bb0c9c0f (diff)
downloadsamba-b5c2af94475337b4769dc464a695ee29bc5e87c7.tar.gz
samba-b5c2af94475337b4769dc464a695ee29bc5e87c7.tar.bz2
samba-b5c2af94475337b4769dc464a695ee29bc5e87c7.zip
s3-security: use shared "File Object specific access rights".
Guenther
-rw-r--r--source3/include/rpc_secdes.h53
-rw-r--r--source3/modules/nfs4_acls.c2
-rw-r--r--source3/rpc_server/srv_eventlog_nt.c4
3 files changed, 3 insertions, 56 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index f3efe27d7f..97ccc9b0d1 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -51,57 +51,4 @@ struct standard_mapping {
#define STD_RIGHT_ALL_ACCESS 0x001F0000
-/* File Object specific access rights */
-
-#define SA_RIGHT_FILE_READ_DATA 0x00000001
-#define SA_RIGHT_FILE_WRITE_DATA 0x00000002
-#define SA_RIGHT_FILE_APPEND_DATA 0x00000004
-#define SA_RIGHT_FILE_READ_EA 0x00000008
-#define SA_RIGHT_FILE_WRITE_EA 0x00000010
-#define SA_RIGHT_FILE_EXECUTE 0x00000020
-#define SA_RIGHT_FILE_DELETE_CHILD 0x00000040
-#define SA_RIGHT_FILE_READ_ATTRIBUTES 0x00000080
-#define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x00000100
-
-#define SA_RIGHT_FILE_ALL_ACCESS 0x000001FF
-
-#define GENERIC_RIGHTS_FILE_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_FILE_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_READ_DATA | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_READ_EA)
-
-#define GENERIC_RIGHTS_FILE_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_WRITE_DATA | \
- SA_RIGHT_FILE_WRITE_ATTRIBUTES | \
- SA_RIGHT_FILE_WRITE_EA | \
- SA_RIGHT_FILE_APPEND_DATA)
-
-#define GENERIC_RIGHTS_FILE_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_EXECUTE)
-
-#define GENERIC_RIGHTS_FILE_MODIFY \
- (STANDARD_RIGHTS_MODIFY_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- STD_RIGHT_DELETE_ACCESS | \
- SA_RIGHT_FILE_WRITE_ATTRIBUTES | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_EXECUTE | \
- SA_RIGHT_FILE_WRITE_EA | \
- SA_RIGHT_FILE_READ_EA | \
- SA_RIGHT_FILE_APPEND_DATA | \
- SA_RIGHT_FILE_WRITE_DATA | \
- SA_RIGHT_FILE_READ_DATA)
-
#endif /* _RPC_SECDES_H */
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index a6b9c6ed01..3d4ab29510 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -553,7 +553,7 @@ static bool smbacl4_fill_ace4(
ace_v4->aceType = ace_nt->type; /* only ACCESS|DENY supported right now */
ace_v4->aceFlags = ace_nt->flags & SEC_ACE_FLAG_VALID_INHERIT;
ace_v4->aceMask = ace_nt->access_mask &
- (STD_RIGHT_ALL_ACCESS | SA_RIGHT_FILE_ALL_ACCESS);
+ (STD_RIGHT_ALL_ACCESS | SEC_FILE_ALL);
se_map_generic(&ace_v4->aceMask, &file_generic_mapping);
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c
index 99185ef552..2d4c597358 100644
--- a/source3/rpc_server/srv_eventlog_nt.c
+++ b/source3/rpc_server/srv_eventlog_nt.c
@@ -129,7 +129,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
/* we have to have READ permission for a successful open */
- return ( info->access_granted & SA_RIGHT_FILE_READ_DATA );
+ return ( info->access_granted & SEC_FILE_READ_DATA );
}
/********************************************************************
@@ -439,7 +439,7 @@ NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p,
/* check for WRITE access to the file */
- if ( !(info->access_granted&SA_RIGHT_FILE_WRITE_DATA) )
+ if ( !(info->access_granted & SEC_FILE_WRITE_DATA) )
return NT_STATUS_ACCESS_DENIED;
/* Force a close and reopen */