Tidied up security rights definitions.

Jeremy.
(This used to be commit e466c863f5540e13776f4477b6d58e3fbfe7276d)

3 files changed, 20 insertions, 28 deletions

diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 13b8494b2e..9acc4511e8 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -29,10 +29,6 @@
 #define SEC_RIGHTS_ENUM_SUBKEYS   0x00000008
 #define SEC_RIGHTS_NOTIFY         0x00000010
 #define SEC_RIGHTS_CREATE_LINK    0x00000020
-#define SEC_RIGHTS_DELETE         0x00010000
-#define SEC_RIGHTS_READ_CONTROL   0x00020000
-#define SEC_RIGHTS_WRITE_DAC      0x00040000
-#define SEC_RIGHTS_WRITE_OWNER    0x00080000
 
 #define SEC_RIGHTS_READ           0x00020019
 #define SEC_RIGHTS_FULL_CONTROL   0x000f003f
diff --git a/source3/include/rpc_spoolss.h b/source3/include/rpc_spoolss.h
index 6781dc6aea..1e0a53d9e0 100755
--- a/source3/include/rpc_spoolss.h
+++ b/source3/include/rpc_spoolss.h
@@ -157,28 +157,23 @@
 #define PRINTER_ACCESS_USE		0x00000008
 #define JOB_ACCESS_ADMINISTER		0x00000010
 
-#define STANDARD_RIGHTS_READ		0x00020000
-#define STANDARD_RIGHTS_WRITE		STANDARD_RIGHTS_READ
-#define STANDARD_RIGHTS_EXECUTE		STANDARD_RIGHTS_READ
-#define STANDARD_RIGHTS_REQUIRED	0x000F0000
-
 /* Access rights for print servers */
-#define SERVER_ALL_ACCESS	STANDARD_RIGHTS_REQUIRED|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
-#define SERVER_READ		STANDARD_RIGHTS_READ|SERVER_ACCESS_ENUMERATE
-#define SERVER_WRITE		STANDARD_RIGHTS_WRITE|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
-#define SERVER_EXECUTE		STANDARD_RIGHTS_EXECUTE|SERVER_ACCESS_ENUMERATE
+#define SERVER_ALL_ACCESS	STANDARD_RIGHTS_REQUIRED_ACCESS|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
+#define SERVER_READ		STANDARD_RIGHTS_READ_ACCESS|SERVER_ACCESS_ENUMERATE
+#define SERVER_WRITE		STANDARD_RIGHTS_WRITE_ACCESS|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
+#define SERVER_EXECUTE		STANDARD_RIGHTS_EXECUTE_ACCESS|SERVER_ACCESS_ENUMERATE
 
 /* Access rights for printers */
-#define PRINTER_ALL_ACCESS	STANDARD_RIGHTS_REQUIRED|PRINTER_ACCESS_ADMINISTER|PRINTER_ACCESS_USE
-#define PRINTER_READ          STANDARD_RIGHTS_READ|PRINTER_ACCESS_USE
-#define PRINTER_WRITE         STANDARD_RIGHTS_WRITE|PRINTER_ACCESS_USE
-#define PRINTER_EXECUTE       STANDARD_RIGHTS_EXECUTE|PRINTER_ACCESS_USE
+#define PRINTER_ALL_ACCESS	STANDARD_RIGHTS_REQUIRED_ACCESS|PRINTER_ACCESS_ADMINISTER|PRINTER_ACCESS_USE
+#define PRINTER_READ          STANDARD_RIGHTS_READ_ACCESS|PRINTER_ACCESS_USE
+#define PRINTER_WRITE         STANDARD_RIGHTS_WRITE_ACCESS|PRINTER_ACCESS_USE
+#define PRINTER_EXECUTE       STANDARD_RIGHTS_EXECUTE_ACCESS|PRINTER_ACCESS_USE
 
 /* Access rights for jobs */
-#define JOB_ALL_ACCESS	STANDARD_RIGHTS_REQUIRED|JOB_ACCESS_ADMINISTER
-#define JOB_READ	STANDARD_RIGHTS_READ|JOB_ACCESS_ADMINISTER
-#define JOB_WRITE	STANDARD_RIGHTS_WRITE|JOB_ACCESS_ADMINISTER
-#define JOB_EXECUTE	STANDARD_RIGHTS_EXECUTE|JOB_ACCESS_ADMINISTER
+#define JOB_ALL_ACCESS	STANDARD_RIGHTS_REQUIRED_ACCESS|JOB_ACCESS_ADMINISTER
+#define JOB_READ	STANDARD_RIGHTS_READ_ACCESS|JOB_ACCESS_ADMINISTER
+#define JOB_WRITE	STANDARD_RIGHTS_WRITE_ACCESS|JOB_ACCESS_ADMINISTER
+#define JOB_EXECUTE	STANDARD_RIGHTS_EXECUTE_ACCESS|JOB_ACCESS_ADMINISTER
 
 #define POLICY_HND_SIZE 20
 
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 03d4b4c9b3..bd7f828747 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1154,21 +1154,22 @@ struct bitmap {
 #define WRITE_OWNER_ACCESS   (1L<<19)
 #define SYNCHRONIZE_ACCESS   (1L<<20)
 
+/* Combinations of standard masks. */
+#define STANDARD_RIGHTS_ALL_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS)
+#define STANDARD_RIGHTS_EXECUTE_ACCESS (READ_CONTROL_ACCESS)
+#define STANDARD_RIGHTS_READ_ACCESS (READ_CONTROL_ACCESS)
+#define STANDARD_RIGHTS_REQUIRED_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS)
+#define STANDARD_RIGHTS_WRITE_ACCESS (READ_CONTROL_ACCESS)
+
 #define SYSTEM_SECURITY_ACCESS (1L<<24)
+#define MAXIMUM_ALLOWED_ACCESS (1L<<25)
 #define GENERIC_ALL_ACCESS   (1<<28)
 #define GENERIC_EXECUTE_ACCESS  (1<<29)
 #define GENERIC_WRITE_ACCESS   (1<<30)
 #define GENERIC_READ_ACCESS   (((unsigned)1)<<31)
 
-#define FILE_ALL_STANDARD_ACCESS 0x1F0000
-
 /* Mapping of access rights to UNIX perms. */
-#if 0 /* Don't use all here... JRA. */
-#define UNIX_ACCESS_RWX (FILE_ALL_ATTRIBUTES|FILE_ALL_STANDARD_ACCESS)
-#else
 #define UNIX_ACCESS_RWX (UNIX_ACCESS_R|UNIX_ACCESS_W|UNIX_ACCESS_X)
-#endif
-
 #define UNIX_ACCESS_R (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\
 			FILE_READ_ATTRIBUTES|FILE_READ_EA|FILE_READ_DATA)
 #define UNIX_ACCESS_W (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\