r4011: get rid of rpc_secdes.h and replace it with a single sane set of

definitions for security access masks, in security.idl

The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)

5 files changed, 60 insertions, 57 deletions

diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 2ff873fd78..2fff6db628 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -71,7 +71,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
 	    - Group
 	    - Everyone
 	 */
-	access_masks[0] = SEC_RIGHTS_FULL_CTRL | STD_RIGHT_ALL_ACCESS;
+	access_masks[0] = SEC_RIGHTS_FULL_CONTROL;
 	access_masks[1] = 0;
 	access_masks[2] = 0;
 	access_masks[3] = 0;
@@ -80,54 +80,54 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
 
 	if (mode & S_IRUSR) {
 		access_masks[1] |= 
-			SA_RIGHT_FILE_READ_DATA | 
-			SA_RIGHT_FILE_READ_EA |
-			SA_RIGHT_FILE_READ_ATTRIBUTES |
-			SA_RIGHT_FILE_EXECUTE |
-			STD_RIGHT_SYNCHRONIZE_ACCESS |
-			STD_RIGHT_READ_CONTROL_ACCESS;
+			SEC_FILE_READ_DATA | 
+			SEC_FILE_READ_EA |
+			SEC_FILE_READ_ATTRIBUTE |
+			SEC_FILE_EXECUTE |
+			SEC_STD_SYNCHRONIZE |
+			SEC_STD_READ_CONTROL;
 	}
 	if (mode & S_IWUSR) {
 		access_masks[1] |= 
-			SA_RIGHT_FILE_WRITE_DATA | 
-			SA_RIGHT_FILE_APPEND_DATA |
-			SA_RIGHT_FILE_WRITE_EA |
-			SA_RIGHT_FILE_WRITE_ATTRIBUTES |
-			STD_RIGHT_DELETE_ACCESS;
+			SEC_FILE_WRITE_DATA | 
+			SEC_FILE_APPEND_DATA |
+			SEC_FILE_WRITE_EA |
+			SEC_FILE_WRITE_ATTRIBUTE |
+			SEC_STD_DELETE;
 	}
 
 	if (mode & S_IRGRP) {
 		access_masks[2] |= 
-			SA_RIGHT_FILE_READ_DATA | 
-			SA_RIGHT_FILE_READ_EA |
-			SA_RIGHT_FILE_READ_ATTRIBUTES |
-			SA_RIGHT_FILE_EXECUTE |
-			STD_RIGHT_SYNCHRONIZE_ACCESS |
-			STD_RIGHT_READ_CONTROL_ACCESS;
+			SEC_FILE_READ_DATA | 
+			SEC_FILE_READ_EA |
+			SEC_FILE_READ_ATTRIBUTE |
+			SEC_FILE_EXECUTE |
+			SEC_STD_SYNCHRONIZE |
+			SEC_STD_READ_CONTROL;
 	}
 	if (mode & S_IWGRP) {
 		access_masks[2] |= 
-			SA_RIGHT_FILE_WRITE_DATA | 
-			SA_RIGHT_FILE_APPEND_DATA |
-			SA_RIGHT_FILE_WRITE_EA |
-			SA_RIGHT_FILE_WRITE_ATTRIBUTES;
+			SEC_FILE_WRITE_DATA | 
+			SEC_FILE_APPEND_DATA |
+			SEC_FILE_WRITE_EA |
+			SEC_FILE_WRITE_ATTRIBUTE;
 	}
 
 	if (mode & S_IROTH) {
 		access_masks[3] |= 
-			SA_RIGHT_FILE_READ_DATA | 
-			SA_RIGHT_FILE_READ_EA |
-			SA_RIGHT_FILE_READ_ATTRIBUTES |
-			SA_RIGHT_FILE_EXECUTE |
-			STD_RIGHT_SYNCHRONIZE_ACCESS |
-			STD_RIGHT_READ_CONTROL_ACCESS;
+			SEC_FILE_READ_DATA | 
+			SEC_FILE_READ_EA |
+			SEC_FILE_READ_ATTRIBUTE |
+			SEC_FILE_EXECUTE |
+			SEC_STD_SYNCHRONIZE |
+			SEC_STD_READ_CONTROL;
 	}
 	if (mode & S_IWOTH) {
 		access_masks[3] |= 
-			SA_RIGHT_FILE_WRITE_DATA | 
-			SA_RIGHT_FILE_APPEND_DATA |
-			SA_RIGHT_FILE_WRITE_EA |
-			SA_RIGHT_FILE_WRITE_ATTRIBUTES;
+			SEC_FILE_WRITE_DATA | 
+			SEC_FILE_APPEND_DATA |
+			SEC_FILE_WRITE_EA |
+			SEC_FILE_WRITE_ATTRIBUTE;
 	}
 
 	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
@@ -163,16 +163,16 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
 */
 static void normalise_sd_flags(struct security_descriptor *sd, uint32_t secinfo_flags)
 {
-	if (!(secinfo_flags & OWNER_SECURITY_INFORMATION)) {
+	if (!(secinfo_flags & SECINFO_OWNER)) {
 		sd->owner_sid = NULL;
 	}
-	if (!(secinfo_flags & GROUP_SECURITY_INFORMATION)) {
+	if (!(secinfo_flags & SECINFO_GROUP)) {
 		sd->group_sid = NULL;
 	}
-	if (!(secinfo_flags & DACL_SECURITY_INFORMATION)) {
+	if (!(secinfo_flags & SECINFO_DACL)) {
 		sd->dacl = NULL;
 	}
-	if (!(secinfo_flags & SACL_SECURITY_INFORMATION)) {
+	if (!(secinfo_flags & SECINFO_SACL)) {
 		sd->sacl = NULL;
 	}
 }
@@ -214,16 +214,16 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs,
 	new_sd = info->set_secdesc.in.sd;
 
 	/* only set the elements that have been specified */
-	if (secinfo_flags & OWNER_SECURITY_INFORMATION) {
+	if (secinfo_flags & SECINFO_OWNER) {
 		sd->owner_sid = new_sd->owner_sid;
 	}
-	if (secinfo_flags & GROUP_SECURITY_INFORMATION) {
+	if (secinfo_flags & SECINFO_GROUP) {
 		sd->group_sid = new_sd->group_sid;
 	}
-	if (secinfo_flags & DACL_SECURITY_INFORMATION) {
+	if (secinfo_flags & SECINFO_DACL) {
 		sd->dacl = new_sd->dacl;
 	}
-	if (secinfo_flags & SACL_SECURITY_INFORMATION) {
+	if (secinfo_flags & SECINFO_SACL) {
 		sd->sacl = new_sd->sacl;
 	}
 
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 3d0e444d29..4b8de28488 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -380,11 +380,11 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
 		return NT_STATUS_CANNOT_DELETE;
 	}
 	
-	if (access_mask & SEC_RIGHT_MAXIMUM_ALLOWED) {
-		access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
+	if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+		access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
 	}
 
-	if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+	if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
 		flags = O_RDWR;
 	} else {
 		flags = O_RDONLY;
@@ -460,7 +460,7 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
 		union smb_setfileinfo set;
 
 		set.set_secdesc.file.fnum = fnum;
-		set.set_secdesc.in.secinfo_flags = DACL_SECURITY_INFORMATION;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
 		set.set_secdesc.in.sd = io->ntcreatex.in.sec_desc;
 
 		status = pvfs_acl_set(pvfs, req, name, fd, &set);
@@ -676,7 +676,7 @@ static NTSTATUS pvfs_open_deny_dos(struct ntvfs_module_context *ntvfs,
 		    (f2->handle->create_options & 
 		     (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
 		      NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
-		    (f2->access_mask & SA_RIGHT_FILE_WRITE_DATA) &&
+		    (f2->access_mask & SEC_FILE_WRITE_DATA) &&
 		    StrCaseCmp(f2->handle->name->original_name, 
 			       io->generic.in.fname)==0) {
 			break;
@@ -862,17 +862,17 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
 	share_access   = io->generic.in.share_access;
 	access_mask    = io->generic.in.access_mask;
 
-	if (access_mask & SEC_RIGHT_MAXIMUM_ALLOWED) {
+	if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
 		if (name->exists && (name->dos.attrib & FILE_ATTRIBUTE_READONLY)) {
-			access_mask = GENERIC_RIGHTS_FILE_READ;
+			access_mask = SEC_RIGHTS_FILE_READ;
 		} else {
-			access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
+			access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
 		}
 	}
 
 	/* certain create options are not allowed */
 	if ((create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) &&
-	    !(access_mask & STD_RIGHT_DELETE_ACCESS)) {
+	    !(access_mask & SEC_STD_DELETE)) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
@@ -914,7 +914,7 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+	if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
 		flags |= O_RDWR;
 	} else {
 		flags |= O_RDONLY;
@@ -1240,7 +1240,7 @@ NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
 			      NTCREATEX_SHARE_ACCESS_WRITE | 
 			      NTCREATEX_SHARE_ACCESS_DELETE, 
 			      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 
-			      STD_RIGHT_DELETE_ACCESS);
+			      SEC_STD_DELETE);
 
 	return status;
 }
@@ -1263,7 +1263,7 @@ NTSTATUS pvfs_can_rename(struct pvfs_state *pvfs, struct pvfs_filename *name)
 			      NTCREATEX_SHARE_ACCESS_READ |
 			      NTCREATEX_SHARE_ACCESS_WRITE,
 			      0,
-			      STD_RIGHT_DELETE_ACCESS);
+			      SEC_STD_DELETE);
 
 	return status;
 }
diff --git a/source4/ntvfs/posix/pvfs_read.c b/source4/ntvfs/posix/pvfs_read.c
index 793a97ba62..db597d7097 100644
--- a/source4/ntvfs/posix/pvfs_read.c
+++ b/source4/ntvfs/posix/pvfs_read.c
@@ -23,6 +23,7 @@
 #include "includes.h"
 #include "vfs_posix.h"
 #include "system/filesys.h"
+#include "librpc/gen_ndr/ndr_security.h"
 
 /*
   read from a file
@@ -50,9 +51,9 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
 		return NT_STATUS_FILE_IS_A_DIRECTORY;
 	}
 
-	mask = SA_RIGHT_FILE_READ_DATA;
+	mask = SEC_FILE_READ_DATA;
 	if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) {
-		mask |= SA_RIGHT_FILE_EXECUTE;
+		mask |= SEC_FILE_EXECUTE;
 	}
 	if (!(f->access_mask & mask)) {
 		return NT_STATUS_ACCESS_DENIED;
diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c
index 5a758a6b70..c43ef5c40a 100644
--- a/source4/ntvfs/posix/pvfs_setfileinfo.c
+++ b/source4/ntvfs/posix/pvfs_setfileinfo.c
@@ -258,7 +258,7 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs,
 
 	case RAW_SFILEINFO_DISPOSITION_INFO:
 	case RAW_SFILEINFO_DISPOSITION_INFORMATION:
-		if (!(f->access_mask & STD_RIGHT_DELETE_ACCESS)) {
+		if (!(f->access_mask & SEC_STD_DELETE)) {
 			return NT_STATUS_ACCESS_DENIED;
 		}
 		create_options = h->create_options;
@@ -322,7 +322,8 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs,
 			}
 		} else {
 			int ret;
-			if (f->access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+			if (f->access_mask & 
+			    (SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA)) {
 				ret = ftruncate(h->fd, newstats.st.st_size);
 			} else {
 				ret = truncate(h->name->full_name, newstats.st.st_size);
diff --git a/source4/ntvfs/posix/pvfs_write.c b/source4/ntvfs/posix/pvfs_write.c
index 3f6e8d908a..025ea3f3eb 100644
--- a/source4/ntvfs/posix/pvfs_write.c
+++ b/source4/ntvfs/posix/pvfs_write.c
@@ -22,6 +22,7 @@
 
 #include "includes.h"
 #include "vfs_posix.h"
+#include "librpc/gen_ndr/ndr_security.h"
 
 
 /*
@@ -48,7 +49,7 @@ NTSTATUS pvfs_write(struct ntvfs_module_context *ntvfs,
 		return NT_STATUS_FILE_IS_A_DIRECTORY;
 	}
 
-	if (!(f->access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
+	if (!(f->access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA))) {
 		return NT_STATUS_ACCESS_VIOLATION;
 	}