s3-security: use shared "File Object specific access rights".

Guenther

3 files changed, 3 insertions, 56 deletions

diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index f3efe27d7f..97ccc9b0d1 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -51,57 +51,4 @@ struct standard_mapping {
 
 #define STD_RIGHT_ALL_ACCESS		0x001F0000
 
-/* File Object specific access rights */
-
-#define SA_RIGHT_FILE_READ_DATA		0x00000001
-#define SA_RIGHT_FILE_WRITE_DATA	0x00000002
-#define SA_RIGHT_FILE_APPEND_DATA	0x00000004
-#define SA_RIGHT_FILE_READ_EA		0x00000008
-#define SA_RIGHT_FILE_WRITE_EA		0x00000010
-#define SA_RIGHT_FILE_EXECUTE		0x00000020
-#define SA_RIGHT_FILE_DELETE_CHILD	0x00000040
-#define SA_RIGHT_FILE_READ_ATTRIBUTES	0x00000080
-#define SA_RIGHT_FILE_WRITE_ATTRIBUTES	0x00000100
-
-#define SA_RIGHT_FILE_ALL_ACCESS	0x000001FF
-
-#define GENERIC_RIGHTS_FILE_ALL_ACCESS \
-		(STANDARD_RIGHTS_REQUIRED_ACCESS| \
-		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
-		SA_RIGHT_FILE_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_FILE_READ	\
-		(STANDARD_RIGHTS_READ_ACCESS	| \
-		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
-		SA_RIGHT_FILE_READ_DATA		| \
-		SA_RIGHT_FILE_READ_ATTRIBUTES	| \
-		SA_RIGHT_FILE_READ_EA)
-
-#define GENERIC_RIGHTS_FILE_WRITE \
-		(STANDARD_RIGHTS_WRITE_ACCESS	| \
-		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
-		SA_RIGHT_FILE_WRITE_DATA	| \
-		SA_RIGHT_FILE_WRITE_ATTRIBUTES	| \
-		SA_RIGHT_FILE_WRITE_EA		| \
-		SA_RIGHT_FILE_APPEND_DATA)
-
-#define GENERIC_RIGHTS_FILE_EXECUTE \
-		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
-		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
-		SA_RIGHT_FILE_READ_ATTRIBUTES	| \
-		SA_RIGHT_FILE_EXECUTE)            
-
-#define GENERIC_RIGHTS_FILE_MODIFY \
-		(STANDARD_RIGHTS_MODIFY_ACCESS	| \
-		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
-		STD_RIGHT_DELETE_ACCESS		| \
-		SA_RIGHT_FILE_WRITE_ATTRIBUTES	| \
-		SA_RIGHT_FILE_READ_ATTRIBUTES	| \
-		SA_RIGHT_FILE_EXECUTE		| \
-		SA_RIGHT_FILE_WRITE_EA		| \
-		SA_RIGHT_FILE_READ_EA		| \
-		SA_RIGHT_FILE_APPEND_DATA	| \
-		SA_RIGHT_FILE_WRITE_DATA	| \
-		SA_RIGHT_FILE_READ_DATA)
-
 #endif /* _RPC_SECDES_H */
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index a6b9c6ed01..3d4ab29510 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -553,7 +553,7 @@ static bool smbacl4_fill_ace4(
 	ace_v4->aceType = ace_nt->type; /* only ACCESS|DENY supported right now */
 	ace_v4->aceFlags = ace_nt->flags & SEC_ACE_FLAG_VALID_INHERIT;
 	ace_v4->aceMask = ace_nt->access_mask &
-		(STD_RIGHT_ALL_ACCESS | SA_RIGHT_FILE_ALL_ACCESS);
+		(STD_RIGHT_ALL_ACCESS | SEC_FILE_ALL);
 
 	se_map_generic(&ace_v4->aceMask, &file_generic_mapping);
 
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c
index 99185ef552..2d4c597358 100644
--- a/source3/rpc_server/srv_eventlog_nt.c
+++ b/source3/rpc_server/srv_eventlog_nt.c
@@ -129,7 +129,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
 
 	/* we have to have READ permission for a successful open */
 
-	return ( info->access_granted & SA_RIGHT_FILE_READ_DATA );
+	return ( info->access_granted & SEC_FILE_READ_DATA );
 }
 
 /********************************************************************
@@ -439,7 +439,7 @@ NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p,
 
 	/* check for WRITE access to the file */
 
-	if ( !(info->access_granted&SA_RIGHT_FILE_WRITE_DATA) )
+	if ( !(info->access_granted & SEC_FILE_WRITE_DATA) )
 		return NT_STATUS_ACCESS_DENIED;
 
 	/* Force a close and reopen */