diff options
author | Gerald Carter <jerry@samba.org> | 2005-01-28 16:55:09 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:55:12 -0500 |
commit | 962a5c95528932fde64c8c8b70b0a81c382c2905 (patch) | |
tree | f55bbdd1d293dc0a3c86c3571f434520c021ad60 /source3/include | |
parent | 6441450e9306b1b09ca2a085d47992867acdd4ec (diff) | |
download | samba-962a5c95528932fde64c8c8b70b0a81c382c2905.tar.gz samba-962a5c95528932fde64c8c8b70b0a81c382c2905.tar.bz2 samba-962a5c95528932fde64c8c8b70b0a81c382c2905.zip |
r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask define
* make sure to apply the rights_mask and not just the saved
bits from the mask in access_check_samr_object()
* allow root to grant/revoke privileges (in addition to Domain
Admins) as suggested by Volker.
Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts. Also tested basic file
operations using cmd.exe and explorer.exe after changing the
STANDARD_RIGHTS_WRITE_ACCESS bitmask.
(This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
Diffstat (limited to 'source3/include')
-rw-r--r-- | source3/include/rpc_lsa.h | 2 | ||||
-rw-r--r-- | source3/include/rpc_secdes.h | 5 | ||||
-rw-r--r-- | source3/include/smb.h | 2 |
3 files changed, 6 insertions, 3 deletions
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h index a2bc72d2b2..c0425271b3 100644 --- a/source3/include/rpc_lsa.h +++ b/source3/include/rpc_lsa.h @@ -207,7 +207,7 @@ typedef struct lsa_r_open_pol2_info POLICY_VIEW_AUDIT_INFORMATION |\ POLICY_GET_PRIVATE_INFORMATION) -#define POLICY_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS |\ +#define POLICY_WRITE ( STD_RIGHT_READ_CONTROL_ACCESS |\ POLICY_TRUST_ADMIN |\ POLICY_CREATE_ACCOUNT |\ POLICY_CREATE_SECRET |\ diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 1279007220..3e4c47dce9 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -251,7 +251,10 @@ typedef struct standard_mapping { #define STANDARD_RIGHTS_ALL_ACCESS STD_RIGHT_ALL_ACCESS /* 0x001f0000 */ #define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */ #define STANDARD_RIGHTS_READ_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */ -#define STANDARD_RIGHTS_WRITE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */ +#define STANDARD_RIGHTS_WRITE_ACCESS \ + (STD_RIGHT_WRITE_OWNER_ACCESS | \ + STD_RIGHT_WRITE_DAC_ACCESS | \ + STD_RIGHT_DELETE_ACCESS) /* 0x000d0000 */ #define STANDARD_RIGHTS_REQUIRED_ACCESS \ (STD_RIGHT_DELETE_ACCESS | \ STD_RIGHT_READ_CONTROL_ACCESS | \ diff --git a/source3/include/smb.h b/source3/include/smb.h index 913061014d..c894695378 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1069,7 +1069,7 @@ struct bitmap { #define FILE_GENERIC_READ (STANDARD_RIGHTS_READ_ACCESS|FILE_READ_DATA|FILE_READ_ATTRIBUTES|\ FILE_READ_EA|SYNCHRONIZE_ACCESS) -#define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE_ACCESS|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|\ +#define FILE_GENERIC_WRITE (STD_RIGHT_READ_CONTROL_ACCESS|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|\ FILE_WRITE_EA|FILE_APPEND_DATA|SYNCHRONIZE_ACCESS) #define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE_ACCESS|\ |