summaryrefslogtreecommitdiff
path: root/source4/librpc
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-11-30 04:33:27 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:06:13 -0500
commitfdc9f417d89fdf9dd6afbc22843d70585e195c9d (patch)
treeca74e9c5b19771d7aecff06df93ebfaa3115c7da /source4/librpc
parent2ed4ff13d509218785d9941dc17219958ab04223 (diff)
downloadsamba-fdc9f417d89fdf9dd6afbc22843d70585e195c9d.tar.gz
samba-fdc9f417d89fdf9dd6afbc22843d70585e195c9d.tar.bz2
samba-fdc9f417d89fdf9dd6afbc22843d70585e195c9d.zip
r4011: get rid of rpc_secdes.h and replace it with a single sane set of
definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/idl/security.idl94
-rw-r--r--source4/librpc/rpc/dcerpc_smb.c11
2 files changed, 100 insertions, 5 deletions
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index 9625153ec1..817b57a780 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -6,6 +6,90 @@
interface security
{
+ /*
+ access masks are divided up like this:
+ 0xabccdddd
+ where
+ a = generic rights bits SEC_GENERIC_
+ b = flags SEC_FLAG_
+ c = standard rights bits SEC_STD_
+ d = object type specific bits SEC_{FILE,DIR,REG,xxx}_
+
+ common combinations of bits are prefixed with SEC_RIGHTS_
+ */
+ const int SEC_MASK_GENERIC = 0xF0000000;
+ const int SEC_MASK_FLAGS = 0x0F000000;
+ const int SEC_MASK_STANDARD = 0x00FF0000;
+ const int SEC_MASK_SPECIFIC = 0x0000FFFF;
+
+ /* generic bits */
+ const int SEC_GENERIC_ALL = 0x10000000;
+ const int SEC_GENERIC_EXECUTE = 0x20000000;
+ const int SEC_GENERIC_WRITE = 0x40000000;
+ const int SEC_GENERIC_READ = 0x80000000;
+
+ /* flag bits */
+ const int SEC_FLAG_SYSTEM_SECURITY = 0x01000000;
+ const int SEC_FLAG_MAXIMUM_ALLOWED = 0x02000000;
+
+ /* standard bits */
+ const int SEC_STD_DELETE = 0x00010000;
+ const int SEC_STD_READ_CONTROL = 0x00020000;
+ const int SEC_STD_WRITE_DAC = 0x00040000;
+ const int SEC_STD_WRITE_OWNER = 0x00080000;
+ const int SEC_STD_SYNCHRONIZE = 0x00100000;
+ const int SEC_STD_REQUIRED = 0x000F0000;
+ const int SEC_STD_ALL = 0x001F0000;
+
+ /* file specific bits */
+ const int SEC_FILE_READ_DATA = 0x00000001;
+ const int SEC_FILE_WRITE_DATA = 0x00000002;
+ const int SEC_FILE_APPEND_DATA = 0x00000004;
+ const int SEC_FILE_READ_EA = 0x00000008;
+ const int SEC_FILE_WRITE_EA = 0x00000010;
+ const int SEC_FILE_EXECUTE = 0x00000020;
+ const int SEC_FILE_READ_ATTRIBUTE = 0x00000080;
+ const int SEC_FILE_WRITE_ATTRIBUTE = 0x00000100;
+ const int SEC_FILE_ALL = 0x000001ff;
+
+ /* directory specific bits */
+ const int SEC_DIR_LIST = 0x00000001;
+ const int SEC_DIR_ADD_FILE = 0x00000002;
+ const int SEC_DIR_ADD_SUBDIR = 0x00000004;
+ const int SEC_DIR_READ_EA = 0x00000008;
+ const int SEC_DIR_WRITE_EA = 0x00000010;
+ const int SEC_DIR_TRAVERSE = 0x00000020;
+ const int SEC_DIR_DELETE_CHILD = 0x00000040;
+ const int SEC_DIR_READ_ATTRIBUTE = 0x00000080;
+ const int SEC_DIR_WRITE_ATTRIBUTE = 0x00000100;
+
+ /* registry entry specific bits */
+ const int SEC_REG_QUERY_VALUE = 0x00000001;
+ const int SEC_REG_SET_VALUE = 0x00000002;
+ const int SEC_REG_CREATE_SUBKEY = 0x00000004;
+ const int SEC_REG_ENUM_SUBKEYS = 0x00000008;
+ const int SEC_REG_NOTIFY = 0x00000010;
+ const int SEC_REG_CREATE_LINK = 0x00000020;
+
+ /* common combinations of bits */
+ const int SEC_RIGHTS_FULL_CONTROL = SEC_STD_ALL | SEC_FILE_ALL;
+
+ const int SEC_RIGHTS_FILE_READ = SEC_STD_READ_CONTROL |
+ SEC_STD_SYNCHRONIZE |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_READ_EA;
+
+ const int SEC_RIGHTS_FILE_WRITE = SEC_STD_READ_CONTROL |
+ SEC_STD_SYNCHRONIZE |
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_APPEND_DATA;
+
+ const int SEC_RIGHTS_MAXIMUM_ALLOWED = SEC_FLAG_MAXIMUM_ALLOWED;
+
+
/* a NULL sid */
const string SID_NULL = "S-1-0-0";
@@ -83,6 +167,8 @@ interface security
dom_sid trustee;
} security_ace;
+ const int NT4_ACL_REVISION = 0x2;
+
typedef [public] struct {
uint16 revision;
[value(ndr_size_security_acl(r))] uint16 size;
@@ -111,6 +197,14 @@ interface security
const int SEC_DESC_RM_CONTROL_VALID = 0x4000;
const int SEC_DESC_SELF_RELATIVE = 0x8000;
+ /* bits that determine which parts of a security descriptor
+ are being queried/set */
+ const int SECINFO_OWNER = 0x00000001;
+ const int SECINFO_GROUP = 0x00000002;
+ const int SECINFO_DACL = 0x00000004;
+ const int SECINFO_SACL = 0x00000008;
+
+
typedef [public,flag(NDR_LITTLE_ENDIAN)] struct {
uint8 revision;
uint16 type; /* SEC_DESC_xxxx flags */
diff --git a/source4/librpc/rpc/dcerpc_smb.c b/source4/librpc/rpc/dcerpc_smb.c
index 25f3ea277a..d04b067eeb 100644
--- a/source4/librpc/rpc/dcerpc_smb.c
+++ b/source4/librpc/rpc/dcerpc_smb.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
/* transport private information used by SMB pipe transport */
struct smb_private {
@@ -379,11 +380,11 @@ NTSTATUS dcerpc_pipe_open_smb(struct dcerpc_pipe **p,
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.access_mask =
- STD_RIGHT_READ_CONTROL_ACCESS |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES |
- SA_RIGHT_FILE_WRITE_EA |
- GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ SEC_STD_READ_CONTROL |
+ SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_WRITE_DATA;
io.ntcreatex.in.file_attr = 0;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.share_access =