diff options
| author | Gerald Carter <jerry@samba.org> | 2005-06-14 18:08:39 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:57:14 -0500 |
| commit | 023ac1031b0057ee752cf2d3a8de3d6e0d4b1802 (patch) | |
| tree | e97aeaa7ada1fa760a7a4b3eb994ee2a9d538a6d /source3/include/rpc_secdes.h | |
| parent | 2265f5c9d7a829a835d6b58be2abe0604ee0b367 (diff) | |
| download | samba-023ac1031b0057ee752cf2d3a8de3d6e0d4b1802.tar.gz samba-023ac1031b0057ee752cf2d3a8de3d6e0d4b1802.tar.bz2 samba-023ac1031b0057ee752cf2d3a8de3d6e0d4b1802.zip | |
r7576: implement access checks for open_scm and open_service
according to default security descriptor described in MSDN.
no one can get in to due to the permissions, but i'll fix
that next.
(This used to be commit 11902e503ed4f6d6991a9fe7521fe44168274ec8)
Diffstat (limited to 'source3/include/rpc_secdes.h')
| -rw-r--r-- | source3/include/rpc_secdes.h | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 9eb4c9a41e..fe95706d03 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -475,15 +475,20 @@ typedef struct standard_mapping { #define SC_RIGHT_MGR_QUERY_LOCK_STATUS 0x0010 #define SC_RIGHT_MGR_MODIFY_BOOT_CONFIG 0x0020 +#define SC_MANAGER_READ_ACCESS \ + ( STANDARD_RIGHTS_READ_ACCESS | \ + SC_RIGHT_MGR_CONNECT | \ + SC_RIGHT_MGR_ENUMERATE_SERVICE | \ + SC_RIGHT_MGR_QUERY_LOCK_STATUS ) + #define SC_MANAGER_ALL_ACCESS \ ( STANDARD_RIGHTS_REQUIRED_ACCESS | \ - SC_RIGHT_MGR_CONNECT | \ + SC_MANAGER_READ_ACCESS | \ SC_RIGHT_MGR_CREATE_SERVICE | \ - SC_RIGHT_MGR_ENUMERATE_SERVICE | \ SC_RIGHT_MGR_LOCK | \ - SC_RIGHT_MGR_QUERY_LOCK_STATUS | \ SC_RIGHT_MGR_MODIFY_BOOT_CONFIG ) + /* Service Object Bits */ #define SC_RIGHT_SVC_QUERY_CONFIG 0x0001 @@ -496,17 +501,26 @@ typedef struct standard_mapping { #define SC_RIGHT_SVC_INTERROGATE 0x0080 #define SC_RIGHT_SVC_USER_DEFINED_CONTROL 0x0100 -#define SERVICE_ALL_ACCESS \ - ( STANDARD_RIGHTS_REQUIRED_ACCESS | \ +#define SERVICE_READ_ACCESS \ + ( STANDARD_RIGHTS_READ_ACCESS | \ + SC_RIGHT_SVC_ENUMERATE_DEPENDENTS | \ + SC_RIGHT_SVC_INTERROGATE | \ SC_RIGHT_SVC_QUERY_CONFIG | \ - SC_RIGHT_SVC_CHANGE_CONFIG | \ SC_RIGHT_SVC_QUERY_STATUS | \ - SC_RIGHT_SVC_ENUMERATE_DEPENDENTS | \ + SC_RIGHT_SVC_USER_DEFINED_CONTROL ) + +#define SERVICE_EXECUTE_ACCESS \ + ( SERVICE_READ_ACCESS | \ SC_RIGHT_SVC_START | \ SC_RIGHT_SVC_STOP | \ - SC_RIGHT_SVC_PAUSE_CONTINUE | \ - SC_RIGHT_SVC_INTERROGATE | \ - SC_RIGHT_SVC_USER_DEFINED_CONTROL ) + SC_RIGHT_SVC_PAUSE_CONTINUE ) + +#define SERVICE_ALL_ACCESS \ + ( STANDARD_RIGHTS_REQUIRED_ACCESS | \ + SERVICE_READ_ACCESS | \ + SERVICE_EXECUTE_ACCESS ) + + /* * Access Bits for registry ACLS |