summaryrefslogtreecommitdiff
path: root/source4/ntvfs/posix
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-11-30 04:33:27 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:06:13 -0500
commitfdc9f417d89fdf9dd6afbc22843d70585e195c9d (patch)
treeca74e9c5b19771d7aecff06df93ebfaa3115c7da /source4/ntvfs/posix
parent2ed4ff13d509218785d9941dc17219958ab04223 (diff)
downloadsamba-fdc9f417d89fdf9dd6afbc22843d70585e195c9d.tar.gz
samba-fdc9f417d89fdf9dd6afbc22843d70585e195c9d.tar.bz2
samba-fdc9f417d89fdf9dd6afbc22843d70585e195c9d.zip
r4011: get rid of rpc_secdes.h and replace it with a single sane set of
definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
Diffstat (limited to 'source4/ntvfs/posix')
-rw-r--r--source4/ntvfs/posix/pvfs_acl.c80
-rw-r--r--source4/ntvfs/posix/pvfs_open.c24
-rw-r--r--source4/ntvfs/posix/pvfs_read.c5
-rw-r--r--source4/ntvfs/posix/pvfs_setfileinfo.c5
-rw-r--r--source4/ntvfs/posix/pvfs_write.c3
5 files changed, 60 insertions, 57 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 2ff873fd78..2fff6db628 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -71,7 +71,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
- Group
- Everyone
*/
- access_masks[0] = SEC_RIGHTS_FULL_CTRL | STD_RIGHT_ALL_ACCESS;
+ access_masks[0] = SEC_RIGHTS_FULL_CONTROL;
access_masks[1] = 0;
access_masks[2] = 0;
access_masks[3] = 0;
@@ -80,54 +80,54 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
if (mode & S_IRUSR) {
access_masks[1] |=
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_READ_EA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_EXECUTE |
- STD_RIGHT_SYNCHRONIZE_ACCESS |
- STD_RIGHT_READ_CONTROL_ACCESS;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_EA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_EXECUTE |
+ SEC_STD_SYNCHRONIZE |
+ SEC_STD_READ_CONTROL;
}
if (mode & S_IWUSR) {
access_masks[1] |=
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_APPEND_DATA |
- SA_RIGHT_FILE_WRITE_EA |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES |
- STD_RIGHT_DELETE_ACCESS;
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_STD_DELETE;
}
if (mode & S_IRGRP) {
access_masks[2] |=
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_READ_EA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_EXECUTE |
- STD_RIGHT_SYNCHRONIZE_ACCESS |
- STD_RIGHT_READ_CONTROL_ACCESS;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_EA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_EXECUTE |
+ SEC_STD_SYNCHRONIZE |
+ SEC_STD_READ_CONTROL;
}
if (mode & S_IWGRP) {
access_masks[2] |=
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_APPEND_DATA |
- SA_RIGHT_FILE_WRITE_EA |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES;
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE;
}
if (mode & S_IROTH) {
access_masks[3] |=
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_READ_EA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_EXECUTE |
- STD_RIGHT_SYNCHRONIZE_ACCESS |
- STD_RIGHT_READ_CONTROL_ACCESS;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_EA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_EXECUTE |
+ SEC_STD_SYNCHRONIZE |
+ SEC_STD_READ_CONTROL;
}
if (mode & S_IWOTH) {
access_masks[3] |=
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_APPEND_DATA |
- SA_RIGHT_FILE_WRITE_EA |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES;
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE;
}
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
@@ -163,16 +163,16 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
*/
static void normalise_sd_flags(struct security_descriptor *sd, uint32_t secinfo_flags)
{
- if (!(secinfo_flags & OWNER_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_OWNER)) {
sd->owner_sid = NULL;
}
- if (!(secinfo_flags & GROUP_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_GROUP)) {
sd->group_sid = NULL;
}
- if (!(secinfo_flags & DACL_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_DACL)) {
sd->dacl = NULL;
}
- if (!(secinfo_flags & SACL_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_SACL)) {
sd->sacl = NULL;
}
}
@@ -214,16 +214,16 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs,
new_sd = info->set_secdesc.in.sd;
/* only set the elements that have been specified */
- if (secinfo_flags & OWNER_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_OWNER) {
sd->owner_sid = new_sd->owner_sid;
}
- if (secinfo_flags & GROUP_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_GROUP) {
sd->group_sid = new_sd->group_sid;
}
- if (secinfo_flags & DACL_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_DACL) {
sd->dacl = new_sd->dacl;
}
- if (secinfo_flags & SACL_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_SACL) {
sd->sacl = new_sd->sacl;
}
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 3d0e444d29..4b8de28488 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -380,11 +380,11 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
return NT_STATUS_CANNOT_DELETE;
}
- if (access_mask & SEC_RIGHT_MAXIMUM_ALLOWED) {
- access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
+ if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+ access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
}
- if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
flags = O_RDWR;
} else {
flags = O_RDONLY;
@@ -460,7 +460,7 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
union smb_setfileinfo set;
set.set_secdesc.file.fnum = fnum;
- set.set_secdesc.in.secinfo_flags = DACL_SECURITY_INFORMATION;
+ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
set.set_secdesc.in.sd = io->ntcreatex.in.sec_desc;
status = pvfs_acl_set(pvfs, req, name, fd, &set);
@@ -676,7 +676,7 @@ static NTSTATUS pvfs_open_deny_dos(struct ntvfs_module_context *ntvfs,
(f2->handle->create_options &
(NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
- (f2->access_mask & SA_RIGHT_FILE_WRITE_DATA) &&
+ (f2->access_mask & SEC_FILE_WRITE_DATA) &&
StrCaseCmp(f2->handle->name->original_name,
io->generic.in.fname)==0) {
break;
@@ -862,17 +862,17 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
share_access = io->generic.in.share_access;
access_mask = io->generic.in.access_mask;
- if (access_mask & SEC_RIGHT_MAXIMUM_ALLOWED) {
+ if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
if (name->exists && (name->dos.attrib & FILE_ATTRIBUTE_READONLY)) {
- access_mask = GENERIC_RIGHTS_FILE_READ;
+ access_mask = SEC_RIGHTS_FILE_READ;
} else {
- access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
+ access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
}
}
/* certain create options are not allowed */
if ((create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) &&
- !(access_mask & STD_RIGHT_DELETE_ACCESS)) {
+ !(access_mask & SEC_STD_DELETE)) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -914,7 +914,7 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
return NT_STATUS_INVALID_PARAMETER;
}
- if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
flags |= O_RDWR;
} else {
flags |= O_RDONLY;
@@ -1240,7 +1240,7 @@ NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
NTCREATEX_SHARE_ACCESS_WRITE |
NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_OPTIONS_DELETE_ON_CLOSE,
- STD_RIGHT_DELETE_ACCESS);
+ SEC_STD_DELETE);
return status;
}
@@ -1263,7 +1263,7 @@ NTSTATUS pvfs_can_rename(struct pvfs_state *pvfs, struct pvfs_filename *name)
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE,
0,
- STD_RIGHT_DELETE_ACCESS);
+ SEC_STD_DELETE);
return status;
}
diff --git a/source4/ntvfs/posix/pvfs_read.c b/source4/ntvfs/posix/pvfs_read.c
index 793a97ba62..db597d7097 100644
--- a/source4/ntvfs/posix/pvfs_read.c
+++ b/source4/ntvfs/posix/pvfs_read.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "vfs_posix.h"
#include "system/filesys.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
read from a file
@@ -50,9 +51,9 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
- mask = SA_RIGHT_FILE_READ_DATA;
+ mask = SEC_FILE_READ_DATA;
if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) {
- mask |= SA_RIGHT_FILE_EXECUTE;
+ mask |= SEC_FILE_EXECUTE;
}
if (!(f->access_mask & mask)) {
return NT_STATUS_ACCESS_DENIED;
diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c
index 5a758a6b70..c43ef5c40a 100644
--- a/source4/ntvfs/posix/pvfs_setfileinfo.c
+++ b/source4/ntvfs/posix/pvfs_setfileinfo.c
@@ -258,7 +258,7 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs,
case RAW_SFILEINFO_DISPOSITION_INFO:
case RAW_SFILEINFO_DISPOSITION_INFORMATION:
- if (!(f->access_mask & STD_RIGHT_DELETE_ACCESS)) {
+ if (!(f->access_mask & SEC_STD_DELETE)) {
return NT_STATUS_ACCESS_DENIED;
}
create_options = h->create_options;
@@ -322,7 +322,8 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs,
}
} else {
int ret;
- if (f->access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (f->access_mask &
+ (SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA)) {
ret = ftruncate(h->fd, newstats.st.st_size);
} else {
ret = truncate(h->name->full_name, newstats.st.st_size);
diff --git a/source4/ntvfs/posix/pvfs_write.c b/source4/ntvfs/posix/pvfs_write.c
index 3f6e8d908a..025ea3f3eb 100644
--- a/source4/ntvfs/posix/pvfs_write.c
+++ b/source4/ntvfs/posix/pvfs_write.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "vfs_posix.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
@@ -48,7 +49,7 @@ NTSTATUS pvfs_write(struct ntvfs_module_context *ntvfs,
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
- if (!(f->access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
+ if (!(f->access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA))) {
return NT_STATUS_ACCESS_VIOLATION;
}