summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-11-30 04:33:27 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:06:13 -0500
commitfdc9f417d89fdf9dd6afbc22843d70585e195c9d (patch)
treeca74e9c5b19771d7aecff06df93ebfaa3115c7da
parent2ed4ff13d509218785d9941dc17219958ab04223 (diff)
downloadsamba-fdc9f417d89fdf9dd6afbc22843d70585e195c9d.tar.gz
samba-fdc9f417d89fdf9dd6afbc22843d70585e195c9d.tar.bz2
samba-fdc9f417d89fdf9dd6afbc22843d70585e195c9d.zip
r4011: get rid of rpc_secdes.h and replace it with a single sane set of
definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
-rw-r--r--source4/include/includes.h1
-rw-r--r--source4/include/rpc_secdes.h344
-rw-r--r--source4/include/structs.h2
-rw-r--r--source4/librpc/idl/security.idl94
-rw-r--r--source4/librpc/rpc/dcerpc_smb.c11
-rw-r--r--source4/ntvfs/common/opendb.c29
-rw-r--r--source4/ntvfs/ntvfs_generic.c31
-rw-r--r--source4/ntvfs/posix/pvfs_acl.c80
-rw-r--r--source4/ntvfs/posix/pvfs_open.c24
-rw-r--r--source4/ntvfs/posix/pvfs_read.c5
-rw-r--r--source4/ntvfs/posix/pvfs_setfileinfo.c5
-rw-r--r--source4/ntvfs/posix/pvfs_write.c3
-rw-r--r--source4/smb_server/service.c19
-rw-r--r--source4/smbd/rewrite.c3
-rw-r--r--source4/torture/basic/attr.c14
-rw-r--r--source4/torture/basic/charset.c3
-rw-r--r--source4/torture/basic/delete.c93
-rw-r--r--source4/torture/basic/denytest.c51
-rw-r--r--source4/torture/basic/dir.c8
-rw-r--r--source4/torture/basic/disconnect.c3
-rw-r--r--source4/torture/basic/rename.c7
-rw-r--r--source4/torture/basic/scanner.c11
-rw-r--r--source4/torture/basic/unlink.c3
-rw-r--r--source4/torture/basic/utable.c11
-rw-r--r--source4/torture/gentest.c5
-rw-r--r--source4/torture/nbench/nbio.c11
-rw-r--r--source4/torture/raw/acls.c20
-rw-r--r--source4/torture/raw/chkpath.c43
-rw-r--r--source4/torture/raw/context.c7
-rw-r--r--source4/torture/raw/eas.c5
-rw-r--r--source4/torture/raw/mux.c3
-rw-r--r--source4/torture/raw/notify.c3
-rw-r--r--source4/torture/raw/open.c15
-rw-r--r--source4/torture/raw/oplock.c9
-rw-r--r--source4/torture/raw/qfileinfo.c16
-rw-r--r--source4/torture/raw/rename.c5
-rw-r--r--source4/torture/raw/streams.c5
-rw-r--r--source4/torture/rpc/samr.c2
-rw-r--r--source4/torture/rpc/svcctl.c1
-rw-r--r--source4/torture/torture.c73
-rw-r--r--source4/torture/torture_util.c18
41 files changed, 450 insertions, 646 deletions
diff --git a/source4/include/includes.h b/source4/include/includes.h
index c5842f84da..6335780b89 100644
--- a/source4/include/includes.h
+++ b/source4/include/includes.h
@@ -169,7 +169,6 @@ extern int errno;
#include "enums.h"
#include "pstring.h"
#include "smb_macros.h"
-#include "rpc_secdes.h"
#include "smb.h"
#include "ads.h"
#include "lib/socket/socket.h"
diff --git a/source4/include/rpc_secdes.h b/source4/include/rpc_secdes.h
deleted file mode 100644
index 1a7e56974a..0000000000
--- a/source4/include/rpc_secdes.h
+++ /dev/null
@@ -1,344 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SMB parameters and setup
- Copyright (C) Andrew Tridgell 1992-2000
- Copyright (C) Luke Kenneth Casson Leighton 1996-2000
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-typedef struct security_descriptor SEC_DESC;
-
-#ifndef _RPC_SECDES_H /* _RPC_SECDES_H */
-#define _RPC_SECDES_H
-
-#define SEC_RIGHTS_QUERY_VALUE 0x00000001
-#define SEC_RIGHTS_SET_VALUE 0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
-#define SEC_RIGHTS_NOTIFY 0x00000010
-#define SEC_RIGHTS_CREATE_LINK 0x00000020
-#define SEC_RIGHTS_READ 0x00020019
-#define SEC_RIGHTS_FULL_CONTROL 0x000f003f
-#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
-
-/* for ADS */
-#define SEC_RIGHTS_LIST_CONTENTS 0x4
-#define SEC_RIGHTS_LIST_OBJECT 0x80
-#define SEC_RIGHTS_READ_ALL_PROP 0x10
-#define SEC_RIGHTS_READ_PERMS 0x20000
-#define SEC_RIGHTS_WRITE_ALL_VALID 0x8
-#define SEC_RIGHTS_WRITE_ALL_PROP 0x20
-#define SEC_RIGHTS_MODIFY_OWNER 0x80000
-#define SEC_RIGHTS_MODIFY_PERMS 0x40000
-#define SEC_RIGHTS_CREATE_CHILD 0x1
-#define SEC_RIGHTS_DELETE_CHILD 0x2
-#define SEC_RIGHTS_DELETE_SUBTREE 0x40
-#define SEC_RIGHTS_DELETE 0x10000 /* advanced/special/object/delete */
-#define SEC_RIGHTS_EXTENDED 0x100 /* change/reset password, receive/send as*/
-#define SEC_RIGHTS_CHANGE_PASSWD SEC_RIGHTS_EXTENDED
-#define SEC_RIGHTS_RESET_PASSWD SEC_RIGHTS_EXTENDED
-#define SEC_RIGHTS_FULL_CTRL 0xf01ff
-
-/* Don't know what this means. */
-
-/* security information flags used in query_secdesc and set_secdesc */
-#define OWNER_SECURITY_INFORMATION 0x00000001
-#define GROUP_SECURITY_INFORMATION 0x00000002
-#define DACL_SECURITY_INFORMATION 0x00000004
-#define SACL_SECURITY_INFORMATION 0x00000008
-
-/* Extra W2K flags. */
-#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000
-#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000
-#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000
-#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
-
-#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
- DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\
- UNPROTECTED_SACL_SECURITY_INFORMATION|\
- UNPROTECTED_DACL_SECURITY_INFORMATION|\
- PROTECTED_SACL_SECURITY_INFORMATION|\
- PROTECTED_DACL_SECURITY_INFORMATION)
-
-#ifndef ACL_REVISION
-#define ACL_REVISION 0x3
-#endif
-
-#ifndef NT4_ACL_REVISION
-#define NT4_ACL_REVISION 0x2
-#endif
-
-#ifndef SEC_DESC_REVISION
-#define SEC_DESC_REVISION 0x1
-#endif
-
-
-/* Security Access Masks Rights */
-
-#define SPECIFIC_RIGHTS_MASK 0x0000FFFF
-#define STANDARD_RIGHTS_MASK 0x00FF0000
-#define GENERIC_RIGHTS_MASK 0xF0000000
-
-#define SEC_RIGHT_SYSTEM_SECURITY 0x01000000
-#define SEC_RIGHT_MAXIMUM_ALLOWED 0x02000000
-
-/* Generic access rights */
-
-#define GENERIC_RIGHT_ALL_ACCESS 0x10000000
-#define GENERIC_RIGHT_EXECUTE_ACCESS 0x20000000
-#define GENERIC_RIGHT_WRITE_ACCESS 0x40000000
-#define GENERIC_RIGHT_READ_ACCESS 0x80000000
-
-/* Standard access rights. */
-
-#define STD_RIGHT_DELETE_ACCESS 0x00010000
-#define STD_RIGHT_READ_CONTROL_ACCESS 0x00020000
-#define STD_RIGHT_WRITE_DAC_ACCESS 0x00040000
-#define STD_RIGHT_WRITE_OWNER_ACCESS 0x00080000
-#define STD_RIGHT_SYNCHRONIZE_ACCESS 0x00100000
-
-#define STD_RIGHT_ALL_ACCESS 0x001F0000
-
-/* Combinations of standard masks. */
-#define STANDARD_RIGHTS_ALL_ACCESS STD_RIGHT_ALL_ACCESS /* 0x001f0000 */
-#define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_READ_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_WRITE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_REQUIRED_ACCESS \
- (STD_RIGHT_DELETE_ACCESS | \
- STD_RIGHT_READ_CONTROL_ACCESS | \
- STD_RIGHT_WRITE_DAC_ACCESS | \
- STD_RIGHT_WRITE_OWNER_ACCESS) /* 0x000f0000 */
-
-/* File Object specific access rights */
-
-#define SA_RIGHT_FILE_READ_DATA 0x00000001
-#define SA_RIGHT_FILE_WRITE_DATA 0x00000002
-#define SA_RIGHT_FILE_APPEND_DATA 0x00000004
-#define SA_RIGHT_FILE_READ_EA 0x00000008
-#define SA_RIGHT_FILE_WRITE_EA 0x00000010
-#define SA_RIGHT_FILE_EXECUTE 0x00000020
-#define SA_RIGHT_FILE_DELETE_CHILD 0x00000040
-#define SA_RIGHT_FILE_READ_ATTRIBUTES 0x00000080
-#define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x00000100
-#define SA_RIGHT_FILE_READ_EXEC (SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_EXECUTE)
-#define SA_RIGHT_FILE_WRITE_APPEND (SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_APPEND_DATA)
-
-#define SA_RIGHT_FILE_ALL_ACCESS 0x000001FF
-
-#define GENERIC_RIGHTS_FILE_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_FILE_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_READ_DATA | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_READ_EA)
-
-#define GENERIC_RIGHTS_FILE_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_WRITE_DATA | \
- SA_RIGHT_FILE_WRITE_ATTRIBUTES | \
- SA_RIGHT_FILE_WRITE_EA | \
- SA_RIGHT_FILE_APPEND_DATA)
-
-#define GENERIC_RIGHTS_FILE_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_EXECUTE)
-
-
-/* directory specific access rights */
-#define SA_RIGHT_DIR_LIST 0x0001
-#define SA_RIGHT_DIR_ADD_FILE 0x0002
-#define SA_RIGHT_DIR_ADD_SUBDIRECTORY 0x0004
-#define SA_RIGHT_DIR_TRAVERSE 0x0020
-#define SA_RIGHT_DIR_DELETE_CHILD 0x0040
-
-
-/* SAM server specific access rights */
-
-#define SA_RIGHT_SAM_CONNECT_SERVER 0x00000001
-#define SA_RIGHT_SAM_SHUTDOWN_SERVER 0x00000002
-#define SA_RIGHT_SAM_INITIALISE_SERVER 0x00000004
-#define SA_RIGHT_SAM_CREATE_DOMAIN 0x00000008
-#define SA_RIGHT_SAM_ENUM_DOMAINS 0x00000010
-#define SA_RIGHT_SAM_OPEN_DOMAIN 0x00000020
-
-#define SA_RIGHT_SAM_ALL_ACCESS 0x0000003F
-
-#define GENERIC_RIGHTS_SAM_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_SAM_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_SAM_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_SAM_ENUM_DOMAINS)
-
-#define GENERIC_RIGHTS_SAM_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_SAM_CREATE_DOMAIN | \
- SA_RIGHT_SAM_INITIALISE_SERVER | \
- SA_RIGHT_SAM_SHUTDOWN_SERVER)
-
-#define GENERIC_RIGHTS_SAM_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_SAM_OPEN_DOMAIN | \
- SA_RIGHT_SAM_CONNECT_SERVER)
-
-
-/* Domain Object specific access rights */
-
-#define SA_RIGHT_DOMAIN_LOOKUP_INFO_1 0x00000001
-#define SA_RIGHT_DOMAIN_SET_INFO_1 0x00000002
-#define SA_RIGHT_DOMAIN_LOOKUP_INFO_2 0x00000004
-#define SA_RIGHT_DOMAIN_SET_INFO_2 0x00000008
-#define SA_RIGHT_DOMAIN_CREATE_USER 0x00000010
-#define SA_RIGHT_DOMAIN_CREATE_GROUP 0x00000020
-#define SA_RIGHT_DOMAIN_CREATE_ALIAS 0x00000040
-#define SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM 0x00000080
-#define SA_RIGHT_DOMAIN_ENUM_ACCOUNTS 0x00000100
-#define SA_RIGHT_DOMAIN_OPEN_ACCOUNT 0x00000200
-#define SA_RIGHT_DOMAIN_SET_INFO_3 0x00000400
-
-#define SA_RIGHT_DOMAIN_ALL_ACCESS 0x000007FF
-
-#define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_DOMAIN_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_DOMAIN_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM | \
- SA_RIGHT_DOMAIN_LOOKUP_INFO_2)
-
-#define GENERIC_RIGHTS_DOMAIN_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_DOMAIN_SET_INFO_3 | \
- SA_RIGHT_DOMAIN_CREATE_ALIAS | \
- SA_RIGHT_DOMAIN_CREATE_GROUP | \
- SA_RIGHT_DOMAIN_CREATE_USER | \
- SA_RIGHT_DOMAIN_SET_INFO_2 | \
- SA_RIGHT_DOMAIN_SET_INFO_1)
-
-#define GENERIC_RIGHTS_DOMAIN_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT | \
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS | \
- SA_RIGHT_DOMAIN_LOOKUP_INFO_1)
-
-
-/* User Object specific access rights */
-
-#define SA_RIGHT_USER_GET_NAME_ETC 0x00000001
-#define SA_RIGHT_USER_GET_LOCALE 0x00000002
-#define SA_RIGHT_USER_SET_LOC_COM 0x00000004
-#define SA_RIGHT_USER_GET_LOGONINFO 0x00000008
-#define SA_RIGHT_USER_ACCT_FLAGS_EXPIRY 0x00000010
-#define SA_RIGHT_USER_SET_ATTRIBUTES 0x00000020
-#define SA_RIGHT_USER_CHANGE_PASSWORD 0x00000040
-#define SA_RIGHT_USER_SET_PASSWORD 0x00000080
-#define SA_RIGHT_USER_GET_GROUPS 0x00000100
-#define SA_RIGHT_USER_READ_GROUP_MEM 0x00000200
-#define SA_RIGHT_USER_CHANGE_GROUP_MEM 0x00000400
-
-#define SA_RIGHT_USER_ALL_ACCESS 0x000007FF
-
-#define GENERIC_RIGHTS_USER_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_USER_ALL_ACCESS) /* 0x000f07ff */
-
-#define GENERIC_RIGHTS_USER_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_USER_READ_GROUP_MEM | \
- SA_RIGHT_USER_GET_GROUPS | \
- SA_RIGHT_USER_ACCT_FLAGS_EXPIRY | \
- SA_RIGHT_USER_GET_LOGONINFO | \
- SA_RIGHT_USER_GET_LOCALE) /* 0x0002031a */
-
-#define GENERIC_RIGHTS_USER_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_SET_LOC_COM) /* 0x00020044 */
-
-#define GENERIC_RIGHTS_USER_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_GET_NAME_ETC ) /* 0x00020041 */
-
-
-/* Group Object specific access rights */
-
-#define SA_RIGHT_GROUP_LOOKUP_INFO 0x00000001
-#define SA_RIGHT_GROUP_SET_INFO 0x00000002
-#define SA_RIGHT_GROUP_ADD_MEMBER 0x00000004
-#define SA_RIGHT_GROUP_REMOVE_MEMBER 0x00000008
-#define SA_RIGHT_GROUP_GET_MEMBERS 0x00000010
-
-#define SA_RIGHT_GROUP_ALL_ACCESS 0x0000001F
-
-#define GENERIC_RIGHTS_GROUP_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_GROUP_ALL_ACCESS) /* 0x000f001f */
-
-#define GENERIC_RIGHTS_GROUP_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_GROUP_GET_MEMBERS) /* 0x00020010 */
-
-#define GENERIC_RIGHTS_GROUP_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_GROUP_REMOVE_MEMBER | \
- SA_RIGHT_GROUP_ADD_MEMBER | \
- SA_RIGHT_GROUP_SET_INFO ) /* 0x0002000e */
-
-#define GENERIC_RIGHTS_GROUP_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_GROUP_LOOKUP_INFO) /* 0x00020001 */
-
-
-/* Alias Object specific access rights */
-
-#define SA_RIGHT_ALIAS_ADD_MEMBER 0x00000001
-#define SA_RIGHT_ALIAS_REMOVE_MEMBER 0x00000002
-#define SA_RIGHT_ALIAS_GET_MEMBERS 0x00000004
-#define SA_RIGHT_ALIAS_LOOKUP_INFO 0x00000008
-#define SA_RIGHT_ALIAS_SET_INFO 0x00000010
-
-#define SA_RIGHT_ALIAS_ALL_ACCESS 0x0000001F
-
-#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_ALIAS_ALL_ACCESS) /* 0x000f001f */
-
-#define GENERIC_RIGHTS_ALIAS_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_ALIAS_GET_MEMBERS ) /* 0x00020004 */
-
-#define GENERIC_RIGHTS_ALIAS_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_ALIAS_REMOVE_MEMBER | \
- SA_RIGHT_ALIAS_ADD_MEMBER | \
- SA_RIGHT_ALIAS_SET_INFO ) /* 0x00020013 */
-
-#define GENERIC_RIGHTS_ALIAS_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_ALIAS_LOOKUP_INFO ) /* 0x00020008 */
-
-#endif /* _RPC_SECDES_H */
diff --git a/source4/include/structs.h b/source4/include/structs.h
index ae3713eefd..4204cdab15 100644
--- a/source4/include/structs.h
+++ b/source4/include/structs.h
@@ -125,3 +125,5 @@ struct ldb_message;
struct security_token;
struct security_acl;
struct security_ace;
+
+typedef struct security_descriptor SEC_DESC;
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index 9625153ec1..817b57a780 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -6,6 +6,90 @@
interface security
{
+ /*
+ access masks are divided up like this:
+ 0xabccdddd
+ where
+ a = generic rights bits SEC_GENERIC_
+ b = flags SEC_FLAG_
+ c = standard rights bits SEC_STD_
+ d = object type specific bits SEC_{FILE,DIR,REG,xxx}_
+
+ common combinations of bits are prefixed with SEC_RIGHTS_
+ */
+ const int SEC_MASK_GENERIC = 0xF0000000;
+ const int SEC_MASK_FLAGS = 0x0F000000;
+ const int SEC_MASK_STANDARD = 0x00FF0000;
+ const int SEC_MASK_SPECIFIC = 0x0000FFFF;
+
+ /* generic bits */
+ const int SEC_GENERIC_ALL = 0x10000000;
+ const int SEC_GENERIC_EXECUTE = 0x20000000;
+ const int SEC_GENERIC_WRITE = 0x40000000;
+ const int SEC_GENERIC_READ = 0x80000000;
+
+ /* flag bits */
+ const int SEC_FLAG_SYSTEM_SECURITY = 0x01000000;
+ const int SEC_FLAG_MAXIMUM_ALLOWED = 0x02000000;
+
+ /* standard bits */
+ const int SEC_STD_DELETE = 0x00010000;
+ const int SEC_STD_READ_CONTROL = 0x00020000;
+ const int SEC_STD_WRITE_DAC = 0x00040000;
+ const int SEC_STD_WRITE_OWNER = 0x00080000;
+ const int SEC_STD_SYNCHRONIZE = 0x00100000;
+ const int SEC_STD_REQUIRED = 0x000F0000;
+ const int SEC_STD_ALL = 0x001F0000;
+
+ /* file specific bits */
+ const int SEC_FILE_READ_DATA = 0x00000001;
+ const int SEC_FILE_WRITE_DATA = 0x00000002;
+ const int SEC_FILE_APPEND_DATA = 0x00000004;
+ const int SEC_FILE_READ_EA = 0x00000008;
+ const int SEC_FILE_WRITE_EA = 0x00000010;
+ const int SEC_FILE_EXECUTE = 0x00000020;
+ const int SEC_FILE_READ_ATTRIBUTE = 0x00000080;
+ const int SEC_FILE_WRITE_ATTRIBUTE = 0x00000100;
+ const int SEC_FILE_ALL = 0x000001ff;
+
+ /* directory specific bits */
+ const int SEC_DIR_LIST = 0x00000001;
+ const int SEC_DIR_ADD_FILE = 0x00000002;
+ const int SEC_DIR_ADD_SUBDIR = 0x00000004;
+ const int SEC_DIR_READ_EA = 0x00000008;
+ const int SEC_DIR_WRITE_EA = 0x00000010;
+ const int SEC_DIR_TRAVERSE = 0x00000020;
+ const int SEC_DIR_DELETE_CHILD = 0x00000040;
+ const int SEC_DIR_READ_ATTRIBUTE = 0x00000080;
+ const int SEC_DIR_WRITE_ATTRIBUTE = 0x00000100;
+
+ /* registry entry specific bits */
+ const int SEC_REG_QUERY_VALUE = 0x00000001;
+ const int SEC_REG_SET_VALUE = 0x00000002;
+ const int SEC_REG_CREATE_SUBKEY = 0x00000004;
+ const int SEC_REG_ENUM_SUBKEYS = 0x00000008;
+ const int SEC_REG_NOTIFY = 0x00000010;
+ const int SEC_REG_CREATE_LINK = 0x00000020;
+
+ /* common combinations of bits */
+ const int SEC_RIGHTS_FULL_CONTROL = SEC_STD_ALL | SEC_FILE_ALL;
+
+ const int SEC_RIGHTS_FILE_READ = SEC_STD_READ_CONTROL |
+ SEC_STD_SYNCHRONIZE |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_READ_EA;
+
+ const int SEC_RIGHTS_FILE_WRITE = SEC_STD_READ_CONTROL |
+ SEC_STD_SYNCHRONIZE |
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_APPEND_DATA;
+
+ const int SEC_RIGHTS_MAXIMUM_ALLOWED = SEC_FLAG_MAXIMUM_ALLOWED;
+
+
/* a NULL sid */
const string SID_NULL = "S-1-0-0";
@@ -83,6 +167,8 @@ interface security
dom_sid trustee;
} security_ace;
+ const int NT4_ACL_REVISION = 0x2;
+
typedef [public] struct {
uint16 revision;
[value(ndr_size_security_acl(r))] uint16 size;
@@ -111,6 +197,14 @@ interface security
const int SEC_DESC_RM_CONTROL_VALID = 0x4000;
const int SEC_DESC_SELF_RELATIVE = 0x8000;
+ /* bits that determine which parts of a security descriptor
+ are being queried/set */
+ const int SECINFO_OWNER = 0x00000001;
+ const int SECINFO_GROUP = 0x00000002;
+ const int SECINFO_DACL = 0x00000004;
+ const int SECINFO_SACL = 0x00000008;
+
+
typedef [public,flag(NDR_LITTLE_ENDIAN)] struct {
uint8 revision;
uint16 type; /* SEC_DESC_xxxx flags */
diff --git a/source4/librpc/rpc/dcerpc_smb.c b/source4/librpc/rpc/dcerpc_smb.c
index 25f3ea277a..d04b067eeb 100644
--- a/source4/librpc/rpc/dcerpc_smb.c
+++ b/source4/librpc/rpc/dcerpc_smb.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
/* transport private information used by SMB pipe transport */
struct smb_private {
@@ -379,11 +380,11 @@ NTSTATUS dcerpc_pipe_open_smb(struct dcerpc_pipe **p,
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.access_mask =
- STD_RIGHT_READ_CONTROL_ACCESS |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES |
- SA_RIGHT_FILE_WRITE_EA |
- GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ SEC_STD_READ_CONTROL |
+ SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_WRITE_DATA;
io.ntcreatex.in.file_attr = 0;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.share_access =
diff --git a/source4/ntvfs/common/opendb.c b/source4/ntvfs/common/opendb.c
index 99c013fc84..8947a5d255 100644
--- a/source4/ntvfs/common/opendb.c
+++ b/source4/ntvfs/common/opendb.c
@@ -40,6 +40,7 @@
#include "includes.h"
#include "messages.h"
+#include "librpc/gen_ndr/ndr_security.h"
struct odb_context {
struct tdb_wrap *w;
@@ -157,14 +158,18 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2)
/* if either open involves no read.write or delete access then
it can't conflict */
- if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_APPEND |
- SA_RIGHT_FILE_READ_EXEC |
- STD_RIGHT_DELETE_ACCESS))) {
+ if (!(e1->access_mask & (SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_EXECUTE |
+ SEC_STD_DELETE))) {
return False;
}
- if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_APPEND |
- SA_RIGHT_FILE_READ_EXEC |
- STD_RIGHT_DELETE_ACCESS))) {
+ if (!(e2->access_mask & (SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_EXECUTE |
+ SEC_STD_DELETE))) {
return False;
}
@@ -176,24 +181,24 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2)
}
CHECK_MASK(e1->access_mask, e2->share_access,
- SA_RIGHT_FILE_WRITE_APPEND,
+ SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(e2->access_mask, e1->share_access,
- SA_RIGHT_FILE_WRITE_APPEND,
+ SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(e1->access_mask, e2->share_access,
- SA_RIGHT_FILE_READ_EXEC,
+ SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(e2->access_mask, e1->share_access,
- SA_RIGHT_FILE_READ_EXEC,
+ SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(e1->access_mask, e2->share_access,
- STD_RIGHT_DELETE_ACCESS,
+ SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
CHECK_MASK(e2->access_mask, e1->share_access,
- STD_RIGHT_DELETE_ACCESS,
+ SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
/* if a delete is pending then a second open is not allowed */
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c
index a9bc8120c8..49de8944ff 100644
--- a/source4/ntvfs/ntvfs_generic.c
+++ b/source4/ntvfs/ntvfs_generic.c
@@ -33,6 +33,7 @@
#include "includes.h"
#include "smb_server/smb_server.h"
+#include "librpc/gen_ndr/ndr_security.h"
/* a second stage function converts from the out parameters of the generic
call onto the out parameters of the specific call made */
@@ -178,7 +179,7 @@ static NTSTATUS ntvfs_map_open_finish(struct smbsrv_request *req,
io->openx.out.devstate = 0;
io->openx.out.action = io2->generic.out.create_action;
io->openx.out.unique_fid = 0;
- io->openx.out.access_mask = STANDARD_RIGHTS_ALL_ACCESS;
+ io->openx.out.access_mask = SEC_STD_ALL;
io->openx.out.unknown = 0;
/* we need to extend the file to the requested size if
@@ -280,17 +281,19 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
switch (io->openx.in.open_mode & OPENX_MODE_ACCESS_MASK) {
case OPENX_MODE_ACCESS_READ:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_READ;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ;
io->openx.out.access = OPENX_MODE_ACCESS_READ;
break;
case OPENX_MODE_ACCESS_WRITE:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_WRITE;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_WRITE;
io->openx.out.access = OPENX_MODE_ACCESS_WRITE;
break;
case OPENX_MODE_ACCESS_RDWR:
case OPENX_MODE_ACCESS_FCB:
case OPENX_MODE_ACCESS_EXEC:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_WRITE | GENERIC_RIGHTS_FILE_READ;
+ io2->generic.in.access_mask =
+ SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io->openx.out.access = OPENX_MODE_ACCESS_RDWR;
break;
default:
@@ -381,17 +384,17 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
io2->generic.in.open_disposition = NTCREATEX_DISP_OPEN;
switch (io->openold.in.flags & OPEN_FLAGS_MODE_MASK) {
case OPEN_FLAGS_OPEN_READ:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_READ;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ;
io->openold.out.rmode = DOS_OPEN_RDONLY;
break;
case OPEN_FLAGS_OPEN_WRITE:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_WRITE;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_WRITE;
io->openold.out.rmode = DOS_OPEN_WRONLY;
break;
case OPEN_FLAGS_OPEN_RDWR:
case 0xf: /* FCB mode */
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io->openold.out.rmode = DOS_OPEN_RDWR; /* assume we got r/w */
break;
default:
@@ -463,8 +466,8 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
io2->generic.in.fname = io->mknew.in.fname;
io2->generic.in.open_disposition = NTCREATEX_DISP_CREATE;
io2->generic.in.access_mask =
- GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io2->generic.in.share_access =
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
@@ -476,8 +479,8 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
io2->generic.in.fname = io->mknew.in.fname;
io2->generic.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
io2->generic.in.access_mask =
- GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io2->generic.in.share_access =
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
@@ -493,8 +496,8 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
generate_random_str_list(io2, 5, "0123456789"));
io2->generic.in.open_disposition = NTCREATEX_DISP_CREATE;
io2->generic.in.access_mask =
- GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io2->generic.in.share_access =
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 2ff873fd78..2fff6db628 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -71,7 +71,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
- Group
- Everyone
*/
- access_masks[0] = SEC_RIGHTS_FULL_CTRL | STD_RIGHT_ALL_ACCESS;
+ access_masks[0] = SEC_RIGHTS_FULL_CONTROL;
access_masks[1] = 0;
access_masks[2] = 0;
access_masks[3] = 0;
@@ -80,54 +80,54 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
if (mode & S_IRUSR) {
access_masks[1] |=
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_READ_EA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_EXECUTE |
- STD_RIGHT_SYNCHRONIZE_ACCESS |
- STD_RIGHT_READ_CONTROL_ACCESS;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_EA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_EXECUTE |
+ SEC_STD_SYNCHRONIZE |
+ SEC_STD_READ_CONTROL;
}
if (mode & S_IWUSR) {
access_masks[1] |=
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_APPEND_DATA |
- SA_RIGHT_FILE_WRITE_EA |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES |
- STD_RIGHT_DELETE_ACCESS;
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_STD_DELETE;
}
if (mode & S_IRGRP) {
access_masks[2] |=
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_READ_EA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_EXECUTE |
- STD_RIGHT_SYNCHRONIZE_ACCESS |
- STD_RIGHT_READ_CONTROL_ACCESS;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_EA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_EXECUTE |
+ SEC_STD_SYNCHRONIZE |
+ SEC_STD_READ_CONTROL;
}
if (mode & S_IWGRP) {
access_masks[2] |=
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_APPEND_DATA |
- SA_RIGHT_FILE_WRITE_EA |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES;
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE;
}
if (mode & S_IROTH) {
access_masks[3] |=
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_READ_EA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_EXECUTE |
- STD_RIGHT_SYNCHRONIZE_ACCESS |
- STD_RIGHT_READ_CONTROL_ACCESS;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_EA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_EXECUTE |
+ SEC_STD_SYNCHRONIZE |
+ SEC_STD_READ_CONTROL;
}
if (mode & S_IWOTH) {
access_masks[3] |=
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_APPEND_DATA |
- SA_RIGHT_FILE_WRITE_EA |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES;
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE;
}
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
@@ -163,16 +163,16 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
*/
static void normalise_sd_flags(struct security_descriptor *sd, uint32_t secinfo_flags)
{
- if (!(secinfo_flags & OWNER_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_OWNER)) {
sd->owner_sid = NULL;
}
- if (!(secinfo_flags & GROUP_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_GROUP)) {
sd->group_sid = NULL;
}
- if (!(secinfo_flags & DACL_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_DACL)) {
sd->dacl = NULL;
}
- if (!(secinfo_flags & SACL_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_SACL)) {
sd->sacl = NULL;
}
}
@@ -214,16 +214,16 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs,
new_sd = info->set_secdesc.in.sd;
/* only set the elements that have been specified */
- if (secinfo_flags & OWNER_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_OWNER) {
sd->owner_sid = new_sd->owner_sid;
}
- if (secinfo_flags & GROUP_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_GROUP) {
sd->group_sid = new_sd->group_sid;
}
- if (secinfo_flags & DACL_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_DACL) {
sd->dacl = new_sd->dacl;
}
- if (secinfo_flags & SACL_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_SACL) {
sd->sacl = new_sd->sacl;
}
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 3d0e444d29..4b8de28488 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -380,11 +380,11 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
return NT_STATUS_CANNOT_DELETE;
}
- if (access_mask & SEC_RIGHT_MAXIMUM_ALLOWED) {
- access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
+ if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+ access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
}
- if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
flags = O_RDWR;
} else {
flags = O_RDONLY;
@@ -460,7 +460,7 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
union smb_setfileinfo set;
set.set_secdesc.file.fnum = fnum;
- set.set_secdesc.in.secinfo_flags = DACL_SECURITY_INFORMATION;
+ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
set.set_secdesc.in.sd = io->ntcreatex.in.sec_desc;
status = pvfs_acl_set(pvfs, req, name, fd, &set);
@@ -676,7 +676,7 @@ static NTSTATUS pvfs_open_deny_dos(struct ntvfs_module_context *ntvfs,
(f2->handle->create_options &
(NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
- (f2->access_mask & SA_RIGHT_FILE_WRITE_DATA) &&
+ (f2->access_mask & SEC_FILE_WRITE_DATA) &&
StrCaseCmp(f2->handle->name->original_name,
io->generic.in.fname)==0) {
break;
@@ -862,17 +862,17 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
share_access = io->generic.in.share_access;
access_mask = io->generic.in.access_mask;
- if (access_mask & SEC_RIGHT_MAXIMUM_ALLOWED) {
+ if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
if (name->exists && (name->dos.attrib & FILE_ATTRIBUTE_READONLY)) {
- access_mask = GENERIC_RIGHTS_FILE_READ;
+ access_mask = SEC_RIGHTS_FILE_READ;
} else {
- access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
+ access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
}
}
/* certain create options are not allowed */
if ((create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) &&
- !(access_mask & STD_RIGHT_DELETE_ACCESS)) {
+ !(access_mask & SEC_STD_DELETE)) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -914,7 +914,7 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
return NT_STATUS_INVALID_PARAMETER;
}
- if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
flags |= O_RDWR;
} else {
flags |= O_RDONLY;
@@ -1240,7 +1240,7 @@ NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
NTCREATEX_SHARE_ACCESS_WRITE |
NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_OPTIONS_DELETE_ON_CLOSE,
- STD_RIGHT_DELETE_ACCESS);
+ SEC_STD_DELETE);
return status;
}
@@ -1263,7 +1263,7 @@ NTSTATUS pvfs_can_rename(struct pvfs_state *pvfs, struct pvfs_filename *name)
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE,
0,
- STD_RIGHT_DELETE_ACCESS);
+ SEC_STD_DELETE);
return status;
}
diff --git a/source4/ntvfs/posix/pvfs_read.c b/source4/ntvfs/posix/pvfs_read.c
index 793a97ba62..db597d7097 100644
--- a/source4/ntvfs/posix/pvfs_read.c
+++ b/source4/ntvfs/posix/pvfs_read.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "vfs_posix.h"
#include "system/filesys.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
read from a file
@@ -50,9 +51,9 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
- mask = SA_RIGHT_FILE_READ_DATA;
+ mask = SEC_FILE_READ_DATA;
if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) {
- mask |= SA_RIGHT_FILE_EXECUTE;
+ mask |= SEC_FILE_EXECUTE;
}
if (!(f->access_mask & mask)) {
return NT_STATUS_ACCESS_DENIED;
diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c
index 5a758a6b70..c43ef5c40a 100644
--- a/source4/ntvfs/posix/pvfs_setfileinfo.c
+++ b/source4/ntvfs/posix/pvfs_setfileinfo.c
@@ -258,7 +258,7 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs,
case RAW_SFILEINFO_DISPOSITION_INFO:
case RAW_SFILEINFO_DISPOSITION_INFORMATION:
- if (!(f->access_mask & STD_RIGHT_DELETE_ACCESS)) {
+ if (!(f->access_mask & SEC_STD_DELETE)) {
return NT_STATUS_ACCESS_DENIED;
}
create_options = h->create_options;
@@ -322,7 +322,8 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs,
}
} else {
int ret;
- if (f->access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (f->access_mask &
+ (SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA)) {
ret = ftruncate(h->fd, newstats.st.st_size);
} else {
ret = truncate(h->name->full_name, newstats.st.st_size);
diff --git a/source4/ntvfs/posix/pvfs_write.c b/source4/ntvfs/posix/pvfs_write.c
index 3f6e8d908a..025ea3f3eb 100644
--- a/source4/ntvfs/posix/pvfs_write.c
+++ b/source4/ntvfs/posix/pvfs_write.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "vfs_posix.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
@@ -48,7 +49,7 @@ NTSTATUS pvfs_write(struct ntvfs_module_context *ntvfs,
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
- if (!(f->access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
+ if (!(f->access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA))) {
return NT_STATUS_ACCESS_VIOLATION;
}
diff --git a/source4/smb_server/service.c b/source4/smb_server/service.c
index 815a58ce70..12a983e41b 100644
--- a/source4/smb_server/service.c
+++ b/source4/smb_server/service.c
@@ -161,25 +161,6 @@ static NTSTATUS make_connection_snum(struct smbsrv_request *req,
tcon->service = snum;
- /*
- * New code to check if there's a share security descripter
- * added from NT server manager. This is done after the
- * smb.conf checks are done as we need a uid and token. JRA.
- *
- */
-
- if (!share_access_check(req, tcon, snum, SA_RIGHT_FILE_WRITE_DATA)) {
- if (!share_access_check(req, tcon, snum, SA_RIGHT_FILE_READ_DATA)) {
- /* No access, read or write. */
- DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n",
- lp_servicename(snum)));
- conn_free(req->smb_conn, tcon);
- return NT_STATUS_ACCESS_DENIED;
- } else {
- tcon->read_only = True;
- }
- }
-
/* init ntvfs function pointers */
status = ntvfs_init_connection(req, type);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/smbd/rewrite.c b/source4/smbd/rewrite.c
index d22e3c28c3..8e7ddc405e 100644
--- a/source4/smbd/rewrite.c
+++ b/source4/smbd/rewrite.c
@@ -10,9 +10,6 @@
BOOL pcap_printername_ok(const char *service, const char *foo)
{ return True; }
-BOOL share_access_check(struct smbsrv_request *req, struct smbsrv_tcon *tcon, int snum, uint32_t desired_access)
-{ return True; }
-
/*
* initialize an smb process. Guaranteed to be called only once per
* smbd instance (so it can assume it is starting from scratch, and
diff --git a/source4/torture/basic/attr.c b/source4/torture/basic/attr.c
index 5cd05d9647..07a36ea950 100644
--- a/source4/torture/basic/attr.c
+++ b/source4/torture/basic/attr.c
@@ -21,6 +21,7 @@
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
extern int torture_failures;
@@ -103,7 +104,9 @@ BOOL torture_openattrtest(void)
for (k = 0, i = 0; i < sizeof(open_attrs_table)/sizeof(uint32_t); i++) {
smbcli_setatr(cli1->tree, fname, 0, 0);
smbcli_unlink(cli1->tree, fname);
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_WRITE_DATA, open_attrs_table[i],
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_FILE_WRITE_DATA,
+ open_attrs_table[i],
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@@ -118,10 +121,11 @@ BOOL torture_openattrtest(void)
for (j = 0; j < ARRAY_SIZE(open_attrs_table); j++) {
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA,
- open_attrs_table[j],
- NTCREATEX_SHARE_ACCESS_NONE,
- NTCREATEX_DISP_OVERWRITE, 0, 0);
+ SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA,
+ open_attrs_table[j],
+ NTCREATEX_SHARE_ACCESS_NONE,
+ NTCREATEX_DISP_OVERWRITE, 0, 0);
if (fnum1 == -1) {
for (l = 0; l < ARRAY_SIZE(attr_results); l++) {
diff --git a/source4/torture/basic/charset.c b/source4/torture/basic/charset.c
index 4f57eba64a..1024c1cd26 100644
--- a/source4/torture/basic/charset.c
+++ b/source4/torture/basic/charset.c
@@ -21,6 +21,7 @@
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\chartest\\"
@@ -67,7 +68,7 @@ static NTSTATUS unicode_open(struct smbcli_tree *tree,
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
io.ntcreatex.in.root_fid = 0;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
diff --git a/source4/torture/basic/delete.c b/source4/torture/basic/delete.c
index 742a51bcaa..99be602de9 100644
--- a/source4/torture/basic/delete.c
+++ b/source4/torture/basic/delete.c
@@ -21,6 +21,7 @@
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
@@ -47,9 +48,11 @@ BOOL torture_test_delete(void)
smbcli_setatr(cli1->tree, fname, 0, 0);
smbcli_unlink(cli1->tree, fname);
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS, FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
- NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
+ NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
@@ -80,9 +83,10 @@ BOOL torture_test_delete(void)
smbcli_setatr(cli1->tree, fname, 0, 0);
smbcli_unlink(cli1->tree, fname);
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_NONE,
- NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_NONE,
+ NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
@@ -124,7 +128,7 @@ BOOL torture_test_delete(void)
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- GENERIC_RIGHTS_FILE_ALL_ACCESS,
+ SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
@@ -140,7 +144,7 @@ BOOL torture_test_delete(void)
with SHARE_DELETE. */
fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
- GENERIC_RIGHTS_FILE_READ,
+ SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OPEN, 0, 0);
@@ -154,8 +158,11 @@ BOOL torture_test_delete(void)
/* This should succeed. */
- fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_READ, FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN, 0, 0);
+ fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_RIGHTS_FILE_READ,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+ NTCREATEX_DISP_OPEN, 0, 0);
if (fnum2 == -1) {
printf("(%s) open - 2 of %s failed (%s)\n",
@@ -211,12 +218,12 @@ BOOL torture_test_delete(void)
}
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_WRITE_DATA |
- STD_RIGHT_DELETE_ACCESS,
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+ SEC_FILE_READ_DATA |
+ SEC_FILE_WRITE_DATA |
+ SEC_STD_DELETE,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
@@ -226,7 +233,8 @@ BOOL torture_test_delete(void)
}
/* This should succeed. */
- fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_READ,
+ fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE |
@@ -255,7 +263,7 @@ BOOL torture_test_delete(void)
/* This should fail - no more opens once delete on close set. */
fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
- GENERIC_RIGHTS_FILE_READ,
+ SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_DISP_OPEN, 0, 0);
@@ -309,7 +317,7 @@ BOOL torture_test_delete(void)
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_WRITE_DATA,
+ SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE |
@@ -346,10 +354,11 @@ BOOL torture_test_delete(void)
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_WRITE_DATA |
- STD_RIGHT_DELETE_ACCESS,
- FILE_ATTRIBUTE_NORMAL, 0, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+ SEC_FILE_READ_DATA |
+ SEC_FILE_WRITE_DATA |
+ SEC_STD_DELETE,
+ FILE_ATTRIBUTE_NORMAL, 0,
+ NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
@@ -409,9 +418,13 @@ BOOL torture_test_delete(void)
goto fail;
}
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA|STD_RIGHT_DELETE_ACCESS,
- FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
- NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA|
+ SEC_STD_DELETE,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+ NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
@@ -420,9 +433,13 @@ BOOL torture_test_delete(void)
goto fail;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA|STD_RIGHT_DELETE_ACCESS,
- FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
- NTCREATEX_DISP_OPEN, 0, 0);
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0,
+ SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA|
+ SEC_STD_DELETE,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+ NTCREATEX_DISP_OPEN, 0, 0);
if (fnum2 == -1) {
printf("(%s) open of %s failed (%s)\n",
@@ -464,7 +481,7 @@ BOOL torture_test_delete(void)
/* This should fail - we need to set DELETE_ACCESS. */
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA,
+ SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF,
@@ -480,7 +497,9 @@ BOOL torture_test_delete(void)
printf("ninth delete on close test succeeded.\n");
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA|STD_RIGHT_DELETE_ACCESS,
+ SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA|
+ SEC_STD_DELETE,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF,
@@ -514,9 +533,9 @@ BOOL torture_test_delete(void)
smbcli_setatr(cli1->tree, fname, 0, 0);
smbcli_unlink(cli1->tree, fname);
-
+
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- GENERIC_RIGHTS_FILE_ALL_ACCESS,
+ SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_READONLY,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
@@ -551,9 +570,11 @@ BOOL torture_test_delete(void)
/* test 12 - does having read only attribute still allow delete on close at time of open. */
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS, FILE_ATTRIBUTE_READONLY,
- NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
- NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_READONLY,
+ NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
+ NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
if (fnum1 != -1) {
printf("(%s) open of %s succeeded. Should fail with NT_STATUS_CANNOT_DELETE.\n",
diff --git a/source4/torture/basic/denytest.c b/source4/torture/basic/denytest.c
index 8373e786fe..70d7a2b2a1 100644
--- a/source4/torture/basic/denytest.c
+++ b/source4/torture/basic/denytest.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
extern BOOL torture_showall;
extern int torture_failures;
@@ -1699,49 +1700,53 @@ static NTSTATUS predict_share_conflict(uint32_t sa1, uint32_t am1, uint32_t sa2,
}} while (0)
*res = A_0;
- if (am2 & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (am2 & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
*res += A_W;
}
- if (am2 & SA_RIGHT_FILE_READ_DATA) {
+ if (am2 & SEC_FILE_READ_DATA) {
*res += A_R;
- } else if ((am2 & SA_RIGHT_FILE_EXECUTE) &&
+ } else if ((am2 & SEC_FILE_EXECUTE) &&
(flags2 & FLAGS2_READ_PERMIT_EXECUTE)) {
*res += A_R;
}
/* if either open involves no read.write or delete access then
it can't conflict */
- if (!(am1 & (SA_RIGHT_FILE_WRITE_APPEND |
- SA_RIGHT_FILE_READ_EXEC |
- STD_RIGHT_DELETE_ACCESS))) {
+ if (!(am1 & (SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_EXECUTE |
+ SEC_STD_DELETE))) {
return NT_STATUS_OK;
}
- if (!(am2 & (SA_RIGHT_FILE_WRITE_APPEND |
- SA_RIGHT_FILE_READ_EXEC |
- STD_RIGHT_DELETE_ACCESS))) {
+ if (!(am2 & (SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_EXECUTE |
+ SEC_STD_DELETE))) {
return NT_STATUS_OK;
}
/* check the basic share access */
CHECK_MASK(am1, sa2,
- SA_RIGHT_FILE_WRITE_APPEND,
+ SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(am2, sa1,
- SA_RIGHT_FILE_WRITE_APPEND,
+ SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(am1, sa2,
- SA_RIGHT_FILE_READ_EXEC,
+ SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(am2, sa1,
- SA_RIGHT_FILE_READ_EXEC,
+ SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(am1, sa2,
- STD_RIGHT_DELETE_ACCESS,
+ SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
CHECK_MASK(am2, sa1,
- STD_RIGHT_DELETE_ACCESS,
+ SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
return NT_STATUS_OK;
@@ -1758,14 +1763,14 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
{ NTCREATEX_SHARE_ACCESS_DELETE, "S_D" }
};
const struct bit_value access_mask_bits[] = {
- { SA_RIGHT_FILE_READ_DATA, "R_DATA" },
- { SA_RIGHT_FILE_WRITE_DATA, "W_DATA" },
- { SA_RIGHT_FILE_READ_ATTRIBUTES, "R_ATTR" },
- { SA_RIGHT_FILE_WRITE_ATTRIBUTES, "W_ATTR" },
- { SA_RIGHT_FILE_READ_EA, "R_EAS " },
- { SA_RIGHT_FILE_WRITE_EA, "W_EAS " },
- { SA_RIGHT_FILE_APPEND_DATA, "A_DATA" },
- { SA_RIGHT_FILE_EXECUTE, "EXEC " }
+ { SEC_FILE_READ_DATA, "R_DATA" },
+ { SEC_FILE_WRITE_DATA, "W_DATA" },
+ { SEC_FILE_READ_ATTRIBUTE, "R_ATTR" },
+ { SEC_FILE_WRITE_ATTRIBUTE, "W_ATTR" },
+ { SEC_FILE_READ_EA, "R_EAS " },
+ { SEC_FILE_WRITE_EA, "W_EAS " },
+ { SEC_FILE_APPEND_DATA, "A_DATA" },
+ { SEC_FILE_EXECUTE, "EXEC " }
};
int fnum1;
int i;
diff --git a/source4/torture/basic/dir.c b/source4/torture/basic/dir.c
index 6e2e21fc08..0f962e6cf1 100644
--- a/source4/torture/basic/dir.c
+++ b/source4/torture/basic/dir.c
@@ -21,6 +21,7 @@
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
static void list_fn(struct file_info *finfo, const char *name, void *state)
{
@@ -109,8 +110,11 @@ BOOL torture_dirtest2(void)
for (i=0;i<torture_entries;i++) {
char *fname;
asprintf(&fname, "\\LISTDIR\\f%d", i);
- fnum = smbcli_nt_create_full(cli->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS, FILE_ATTRIBUTE_ARCHIVE,
- NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+ fnum = smbcli_nt_create_full(cli->tree, fname, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_ARCHIVE,
+ NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum == -1) {
fprintf(stderr,"(%s) Failed to open %s, error=%s\n",
__location__, fname, smbcli_errstr(cli->tree));
diff --git a/source4/torture/basic/disconnect.c b/source4/torture/basic/disconnect.c
index a225178b96..898fc41b4e 100644
--- a/source4/torture/basic/disconnect.c
+++ b/source4/torture/basic/disconnect.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\test_disconnect"
@@ -47,7 +48,7 @@ static BOOL test_disconnect_open(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_READ_DATA;
+ io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ;
diff --git a/source4/torture/basic/rename.c b/source4/torture/basic/rename.c
index e26c85b5df..3f7be04a8e 100644
--- a/source4/torture/basic/rename.c
+++ b/source4/torture/basic/rename.c
@@ -21,6 +21,7 @@
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
Test rename on files open with share delete and no share delete.
@@ -42,7 +43,7 @@ BOOL torture_test_rename(void)
smbcli_unlink(cli1->tree, fname);
smbcli_unlink(cli1->tree, fname1);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- GENERIC_RIGHTS_FILE_READ,
+ SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
@@ -69,7 +70,7 @@ BOOL torture_test_rename(void)
smbcli_unlink(cli1->tree, fname);
smbcli_unlink(cli1->tree, fname1);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- GENERIC_RIGHTS_FILE_READ,
+ SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|NTCREATEX_SHARE_ACCESS_READ,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
@@ -97,7 +98,7 @@ BOOL torture_test_rename(void)
smbcli_unlink(cli1->tree, fname1);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- STD_RIGHT_READ_CONTROL_ACCESS,
+ SEC_STD_READ_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
diff --git a/source4/torture/basic/scanner.c b/source4/torture/basic/scanner.c
index ad4220b9ad..08a870334d 100644
--- a/source4/torture/basic/scanner.c
+++ b/source4/torture/basic/scanner.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define VERBOSE 0
#define OP_MIN 0
@@ -255,10 +256,12 @@ BOOL torture_trans2_scan(void)
printf("file open failed - %s\n", smbcli_errstr(cli->tree));
}
dnum = smbcli_nt_create_full(cli->tree, "\\",
- 0, GENERIC_RIGHTS_FILE_READ, FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OPEN,
- NTCREATEX_OPTIONS_DIRECTORY, 0);
+ 0,
+ SEC_RIGHTS_FILE_READ,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OPEN,
+ NTCREATEX_OPTIONS_DIRECTORY, 0);
if (dnum == -1) {
printf("directory open failed - %s\n", smbcli_errstr(cli->tree));
}
diff --git a/source4/torture/basic/unlink.c b/source4/torture/basic/unlink.c
index dd2ff5a5c5..3fe0ea8f28 100644
--- a/source4/torture/basic/unlink.c
+++ b/source4/torture/basic/unlink.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
This test checks that
@@ -81,7 +82,7 @@ BOOL torture_unlinktest(void)
io.ntcreatex.in.security_flags = 0;
io.ntcreatex.in.fname = fname;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
status = smb_raw_open(cli->tree, cli, &io);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/torture/basic/utable.c b/source4/torture/basic/utable.c
index 30d389dd92..dcd00b9fbb 100644
--- a/source4/torture/basic/utable.c
+++ b/source4/torture/basic/utable.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "system/iconv.h"
+#include "librpc/gen_ndr/ndr_security.h"
BOOL torture_utable(void)
{
@@ -148,13 +149,13 @@ BOOL torture_casetable(void)
fname = form_name(c);
fnum = smbcli_nt_create_full(cli->tree, fname, 0,
#if 0
- SEC_RIGHT_MAXIMUM_ALLOWED,
+ SEC_RIGHT_MAXIMUM_ALLOWED,
#else
- GENERIC_RIGHTS_FILE_ALL_ACCESS,
+ SEC_RIGHTS_FULL_CONTROL,
#endif
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_NONE,
- NTCREATEX_DISP_OPEN_IF, 0, 0);
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_NONE,
+ NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum == -1) {
printf("Failed to create file with char %04x\n", c);
diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c
index 4d3820793f..35b835b37f 100644
--- a/source4/torture/gentest.c
+++ b/source4/torture/gentest.c
@@ -23,6 +23,7 @@
#include "system/time.h"
#include "request.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define NSERVERS 2
#define NINSTANCES 2
@@ -526,8 +527,8 @@ static uint32_t gen_ntcreatex_flags(void)
*/
static uint32_t gen_access_mask(void)
{
- if (gen_chance(50)) return SEC_RIGHT_MAXIMUM_ALLOWED;
- if (gen_chance(20)) return GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ if (gen_chance(50)) return SEC_RIGHTS_MAXIMUM_ALLOWED;
+ if (gen_chance(20)) return SEC_FILE_ALL;
return gen_bits_mask(0xFFFFFFFF);
}
diff --git a/source4/torture/nbench/nbio.c b/source4/torture/nbench/nbio.c
index e3c40f9ba1..34de81c5b3 100644
--- a/source4/torture/nbench/nbio.c
+++ b/source4/torture/nbench/nbio.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "system/time.h"
#include "dlinklist.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define MAX_FILES 100
@@ -247,13 +248,13 @@ void nb_createx(const char *fname,
mem_ctx = talloc_init("raw_open");
if (create_options & NTCREATEX_OPTIONS_DIRECTORY) {
- desired_access = SA_RIGHT_FILE_READ_DATA;
+ desired_access = SEC_FILE_READ_DATA;
} else {
desired_access =
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_WRITE_ATTRIBUTE;
flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c
index d0f4132be4..785e3c72dd 100644
--- a/source4/torture/raw/acls.c
+++ b/source4/torture/raw/acls.c
@@ -53,7 +53,7 @@ static BOOL test_sd(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access =
@@ -71,9 +71,9 @@ static BOOL test_sd(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
q.query_secdesc.in.fnum = fnum;
q.query_secdesc.in.secinfo_flags =
- OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION;
+ SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL;
status = smb_raw_fileinfo(cli->tree, mem_ctx, &q);
CHECK_STATUS(status, NT_STATUS_OK);
sd = q.query_secdesc.out.sd;
@@ -84,7 +84,7 @@ static BOOL test_sd(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
ace.flags = 0;
- ace.access_mask = STD_RIGHT_ALL_ACCESS;
+ ace.access_mask = SEC_STD_ALL;
ace.trustee = *test_sid;
status = security_descriptor_dacl_add(sd, &ace);
@@ -154,7 +154,7 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTTRANS_CREATE;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access =
@@ -179,9 +179,9 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
q.query_secdesc.in.fnum = fnum;
q.query_secdesc.in.secinfo_flags =
- OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION;
+ SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL;
status = smb_raw_fileinfo(cli->tree, mem_ctx, &q);
CHECK_STATUS(status, NT_STATUS_OK);
sd = q.query_secdesc.out.sd;
@@ -194,7 +194,7 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
ace.flags = 0;
- ace.access_mask = STD_RIGHT_ALL_ACCESS;
+ ace.access_mask = SEC_STD_ALL;
ace.trustee = *test_sid;
status = security_descriptor_dacl_add(sd, &ace);
diff --git a/source4/torture/raw/chkpath.c b/source4/torture/raw/chkpath.c
index 4948949886..6379c3ce8d 100644
--- a/source4/torture/raw/chkpath.c
+++ b/source4/torture/raw/chkpath.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\rawchkpath"
@@ -127,13 +128,13 @@ static BOOL test_chkpath(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
printf("testing Open on %s\n", "\\.\\\\\\\\\\\\.");
/* findfirst seems to fail with a different error. */
fnum1 = smbcli_nt_create_full(cli->tree, "\\.\\\\\\\\\\\\.",
- 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_DELETE|
- NTCREATEX_SHARE_ACCESS_READ|
- NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OVERWRITE_IF,
- 0, 0);
+ 0, SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_DELETE|
+ NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF,
+ 0, 0);
status = smbcli_nt_error(cli->tree);
CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND);
@@ -168,13 +169,13 @@ static BOOL test_chkpath(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
printf("testing Open on %s\n", BASEDIR".\\.\\.\\.\\foo\\..\\.\\");
/* findfirst seems to fail with a different error. */
fnum1 = smbcli_nt_create_full(cli->tree, BASEDIR".\\.\\.\\.\\foo\\..\\.\\",
- 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_DELETE|
- NTCREATEX_SHARE_ACCESS_READ|
- NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OVERWRITE_IF,
- 0, 0);
+ 0, SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_DELETE|
+ NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF,
+ 0, 0);
status = smbcli_nt_error(cli->tree);
CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND);
@@ -186,13 +187,13 @@ static BOOL test_chkpath(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
/* findfirst seems to fail with a different error. */
printf("testing Open on %s\n", BASEDIR "\\nt\\V S\\VB98\\vb6.exe\\3");
fnum1 = smbcli_nt_create_full(cli->tree, BASEDIR "\\nt\\V S\\VB98\\vb6.exe\\3",
- 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_DELETE|
- NTCREATEX_SHARE_ACCESS_READ|
- NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OVERWRITE_IF,
- 0, 0);
+ 0, SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_DELETE|
+ NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF,
+ 0, 0);
status = smbcli_nt_error(cli->tree);
CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND);
diff --git a/source4/torture/raw/context.c b/source4/torture/raw/context.c
index 446ada80a6..581705c1e4 100644
--- a/source4/torture/raw/context.c
+++ b/source4/torture/raw/context.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\rawcontext"
@@ -139,7 +140,7 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
@@ -241,7 +242,7 @@ static BOOL test_tree(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
@@ -326,7 +327,7 @@ static BOOL test_pid(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
diff --git a/source4/torture/raw/eas.c b/source4/torture/raw/eas.c
index 57ca8de35c..949643872d 100644
--- a/source4/torture/raw/eas.c
+++ b/source4/torture/raw/eas.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\testeas"
@@ -105,7 +106,7 @@ static BOOL test_eas(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access =
@@ -206,7 +207,7 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTTRANS_CREATE;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access =
diff --git a/source4/torture/raw/mux.c b/source4/torture/raw/mux.c
index 9afbc7c506..fce036a5e6 100644
--- a/source4/torture/raw/mux.c
+++ b/source4/torture/raw/mux.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\test_mux"
@@ -51,7 +52,7 @@ static BOOL test_mux_open(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_READ_DATA;
+ io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ;
diff --git a/source4/torture/raw/notify.c b/source4/torture/raw/notify.c
index 0156f5b251..2a5a0ca074 100644
--- a/source4/torture/raw/notify.c
+++ b/source4/torture/raw/notify.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\test_notify"
@@ -77,7 +78,7 @@ BOOL torture_raw_notify(void)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_FILE_ALL;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
diff --git a/source4/torture/raw/open.c b/source4/torture/raw/open.c
index f938c82cfb..9d8e360f00 100644
--- a/source4/torture/raw/open.c
+++ b/source4/torture/raw/open.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "system/time.h"
+#include "librpc/gen_ndr/ndr_security.h"
/* enum for whether reads/writes are possible on a file */
enum rdwr_mode {RDWR_NONE, RDWR_RDONLY, RDWR_WRONLY, RDWR_RDWR};
@@ -430,7 +431,7 @@ static BOOL test_openx(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_VAL(io.openx.out.access_mask, STD_RIGHT_ALL_ACCESS);
+ CHECK_VAL(io.openx.out.access_mask, SEC_STD_ALL);
smbcli_close(cli->tree, io.openx.out.fnum);
done:
@@ -620,7 +621,7 @@ static BOOL test_ntcreatex(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
io.ntcreatex.in.root_fid = 0;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 1024*1024;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
@@ -706,7 +707,7 @@ static BOOL test_ntcreatex(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
/* create a directory */
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
@@ -718,7 +719,7 @@ static BOOL test_ntcreatex(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
smbcli_rmdir(cli->tree, fname);
smbcli_unlink(cli->tree, fname);
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
@@ -793,7 +794,7 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTTRANS_CREATE;
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
io.ntcreatex.in.root_fid = 0;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 1024*1024;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
@@ -881,7 +882,7 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
/* create a directory */
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
@@ -893,7 +894,7 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
smbcli_rmdir(cli->tree, fname);
smbcli_unlink(cli->tree, fname);
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
diff --git a/source4/torture/raw/oplock.c b/source4/torture/raw/oplock.c
index 51e6a5de6c..78236246f4 100644
--- a/source4/torture/raw/oplock.c
+++ b/source4/torture/raw/oplock.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define CHECK_VAL(v, correct) do { \
if ((v) != (correct)) { \
@@ -107,7 +108,7 @@ static BOOL test_oplock(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
*/
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
@@ -275,7 +276,7 @@ static BOOL test_oplock(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_READ_ATTRIBUTES|SA_RIGHT_FILE_WRITE_ATTRIBUTES|STD_RIGHT_SYNCHRONIZE_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
fnum2 = io.ntcreatex.out.fnum;
@@ -292,7 +293,7 @@ static BOOL test_oplock(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_READ_ATTRIBUTES|SA_RIGHT_FILE_WRITE_ATTRIBUTES|STD_RIGHT_SYNCHRONIZE_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
@@ -307,7 +308,7 @@ static BOOL test_oplock(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
diff --git a/source4/torture/raw/qfileinfo.c b/source4/torture/raw/qfileinfo.c
index 45abecfa8d..23e9cad246 100644
--- a/source4/torture/raw/qfileinfo.c
+++ b/source4/torture/raw/qfileinfo.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
static struct {
const char *name;
@@ -554,13 +555,14 @@ BOOL torture_raw_qfileinfo(void)
/* and make sure we can open by alternate name */
smbcli_close(cli->tree, fnum);
- fnum = smbcli_nt_create_full(cli->tree, correct_name, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_DELETE|
- NTCREATEX_SHARE_ACCESS_READ|
- NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OVERWRITE_IF,
- 0, 0);
+ fnum = smbcli_nt_create_full(cli->tree, correct_name, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_DELETE|
+ NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF,
+ 0, 0);
if (fnum == -1) {
printf("Unable to open by alt_name - %s\n", smbcli_errstr(cli->tree));
ret = False;
diff --git a/source4/torture/raw/rename.c b/source4/torture/raw/rename.c
index c3fc739d6a..04071c2f80 100644
--- a/source4/torture/raw/rename.c
+++ b/source4/torture/raw/rename.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define CHECK_STATUS(status, correct) do { \
if (!NT_STATUS_EQUAL(status, correct)) { \
@@ -61,7 +62,7 @@ static BOOL test_mv(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
op.generic.level = RAW_OPEN_NTCREATEX;
op.ntcreatex.in.root_fid = 0;
op.ntcreatex.in.flags = 0;
- op.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ op.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
op.ntcreatex.in.create_options = 0;
op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
op.ntcreatex.in.share_access =
@@ -88,7 +89,7 @@ static BOOL test_mv(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
smbcli_close(cli->tree, fnum);
- op.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_READ;
+ op.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
op.ntcreatex.in.share_access =
NTCREATEX_SHARE_ACCESS_DELETE |
NTCREATEX_SHARE_ACCESS_READ |
diff --git a/source4/torture/raw/streams.c b/source4/torture/raw/streams.c
index 933a102989..3956e7d4c2 100644
--- a/source4/torture/raw/streams.c
+++ b/source4/torture/raw/streams.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\teststreams"
@@ -108,7 +109,7 @@ static BOOL test_stream_io(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_WRITE_DATA;
+ io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = 0;
@@ -187,7 +188,7 @@ static BOOL test_stream_io(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.ntcreatex.in.fname = sname2;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 370f309b6c..29ae5b9273 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -1469,7 +1469,7 @@ static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
init_samr_String(&name, TEST_ALIASNAME);
r.in.domain_handle = domain_handle;
r.in.aliasname = &name;
- r.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.alias_handle = alias_handle;
r.out.rid = &rid;
diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c
index fd4dcf7894..3c40f06b32 100644
--- a/source4/torture/rpc/svcctl.c
+++ b/source4/torture/rpc/svcctl.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_svcctl.h"
+#include "librpc/gen_ndr/ndr_security.h"
static BOOL test_EnumServicesStatus(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *h)
{
diff --git a/source4/torture/torture.c b/source4/torture/torture.c
index 7e1cd1f138..ca8c3342b6 100644
--- a/source4/torture/torture.c
+++ b/source4/torture/torture.c
@@ -26,6 +26,7 @@
#include "system/time.h"
#include "system/wait.h"
#include "ioctl.h"
+#include "librpc/gen_ndr/ndr_security.h"
int torture_nprocs=4;
int torture_numops=100;
@@ -895,9 +896,11 @@ static BOOL run_deferopen(struct smbcli_state *cli, int dummy)
do {
struct timeval tv;
tv = timeval_current();
- fnum = smbcli_nt_create_full(cli->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_NONE,
- NTCREATEX_DISP_OPEN_IF, 0, 0);
+ fnum = smbcli_nt_create_full(cli->tree, fname, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_NONE,
+ NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum != -1) {
break;
}
@@ -1311,22 +1314,22 @@ static BOOL run_trans2test(void)
/* FIRST_DESIRED_ACCESS 0xf019f */
-#define FIRST_DESIRED_ACCESS SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_APPEND_DATA|\
- SA_RIGHT_FILE_READ_EA| /* 0xf */ \
- SA_RIGHT_FILE_WRITE_EA|SA_RIGHT_FILE_READ_ATTRIBUTES| /* 0x90 */ \
- SA_RIGHT_FILE_WRITE_ATTRIBUTES| /* 0x100 */ \
- STD_RIGHT_DELETE_ACCESS|STD_RIGHT_READ_CONTROL_ACCESS|\
- STD_RIGHT_WRITE_DAC_ACCESS|STD_RIGHT_WRITE_OWNER_ACCESS /* 0xf0000 */
+#define FIRST_DESIRED_ACCESS SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA|\
+ SEC_FILE_READ_EA| /* 0xf */ \
+ SEC_FILE_WRITE_EA|SEC_FILE_READ_ATTRIBUTE| /* 0x90 */ \
+ SEC_FILE_WRITE_ATTRIBUTE| /* 0x100 */ \
+ SEC_STD_DELETE|SEC_STD_READ_CONTROL|\
+ SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER /* 0xf0000 */
/* SECOND_DESIRED_ACCESS 0xe0080 */
-#define SECOND_DESIRED_ACCESS SA_RIGHT_FILE_READ_ATTRIBUTES| /* 0x80 */ \
- STD_RIGHT_READ_CONTROL_ACCESS|STD_RIGHT_WRITE_DAC_ACCESS|\
- STD_RIGHT_WRITE_OWNER_ACCESS /* 0xe0000 */
+#define SECOND_DESIRED_ACCESS SEC_FILE_READ_ATTRIBUTE| /* 0x80 */ \
+ SEC_STD_READ_CONTROL|SEC_STD_WRITE_DAC|\
+ SEC_STD_WRITE_OWNER /* 0xe0000 */
#if 0
-#define THIRD_DESIRED_ACCESS FILE_READ_ATTRIBUTES| /* 0x80 */ \
- READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|\
- SA_RIGHT_FILE_READ_DATA|\
- WRITE_OWNER_ACCESS /* */
+#define THIRD_DESIRED_ACCESS FILE_READ_ATTRIBUTE| /* 0x80 */ \
+ READ_CONTROL|WRITE_DAC|\
+ SEC_FILE_READ_DATA|\
+ WRITE_OWNER /* */
#endif
/*
@@ -1346,9 +1349,11 @@ static BOOL run_xcopy(void)
}
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- FIRST_DESIRED_ACCESS, FILE_ATTRIBUTE_ARCHIVE,
- NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF,
- 0x4044, 0);
+ FIRST_DESIRED_ACCESS,
+ FILE_ATTRIBUTE_ARCHIVE,
+ NTCREATEX_SHARE_ACCESS_NONE,
+ NTCREATEX_DISP_OVERWRITE_IF,
+ 0x4044, 0);
if (fnum1 == -1) {
printf("First open failed - %s\n", smbcli_errstr(cli1->tree));
@@ -1388,7 +1393,7 @@ static BOOL run_pipe_number(void)
}
while(1) {
- fnum = smbcli_nt_create_full(cli1->tree, pipe_name, 0, SA_RIGHT_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+ fnum = smbcli_nt_create_full(cli1->tree, pipe_name, 0, SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum == -1) {
@@ -1705,7 +1710,7 @@ error_test4:
printf("TEST #1 testing 2 non-io opens (no delete)\n");
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@@ -1714,7 +1719,7 @@ error_test4:
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
printf("test 1 open 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
@@ -1737,7 +1742,7 @@ error_test10:
printf("TEST #2 testing 2 non-io opens (first with delete)\n");
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@@ -1746,7 +1751,7 @@ error_test10:
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
@@ -1770,7 +1775,7 @@ error_test20:
printf("TEST #3 testing 2 non-io opens (second with delete)\n");
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@@ -1779,7 +1784,7 @@ error_test20:
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
@@ -1803,7 +1808,7 @@ error_test30:
printf("TEST #4 testing 2 non-io opens (both with delete)\n");
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@@ -1812,7 +1817,7 @@ error_test30:
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 != -1) {
@@ -1834,7 +1839,7 @@ error_test40:
printf("TEST #5 testing 2 non-io opens (both with delete - both with file share delete)\n");
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@@ -1843,7 +1848,7 @@ error_test40:
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
@@ -1868,7 +1873,7 @@ error_test50:
smbcli_unlink(cli1->tree, fname);
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@@ -1877,7 +1882,7 @@ error_test50:
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
@@ -1902,7 +1907,7 @@ error_test60:
smbcli_unlink(cli1->tree, fname);
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@@ -1911,7 +1916,7 @@ error_test60:
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 != -1) {
diff --git a/source4/torture/torture_util.c b/source4/torture/torture_util.c
index af8a1ca065..edc00a571f 100644
--- a/source4/torture/torture_util.c
+++ b/source4/torture/torture_util.c
@@ -22,6 +22,7 @@
#include "libcli/raw/libcliraw.h"
#include "system/shmem.h"
#include "system/time.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
@@ -52,7 +53,7 @@ int create_directory_handle(struct smbcli_tree *tree, const char *dname)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_FILE_ALL;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
@@ -86,13 +87,14 @@ int create_complex_file(struct smbcli_state *cli, TALLOC_CTX *mem_ctx, const cha
NTSTATUS status;
smbcli_unlink(cli->tree, fname);
- fnum = smbcli_nt_create_full(cli->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_DELETE|
- NTCREATEX_SHARE_ACCESS_READ|
- NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OVERWRITE_IF,
- 0, 0);
+ fnum = smbcli_nt_create_full(cli->tree, fname, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_DELETE|
+ NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF,
+ 0, 0);
if (fnum == -1) return -1;
smbcli_write(cli->tree, fnum, 0, buf, 0, sizeof(buf));