summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libcli/samsync/config.mk4
-rw-r--r--libcli/samsync/samsync.h34
-rw-r--r--libcli/security/config.mk2
-rw-r--r--libcli/security/security_descriptor.c (renamed from source4/libcli/security/security_descriptor.c)0
-rw-r--r--libcli/security/security_descriptor.h64
-rw-r--r--librpc/gen_ndr/winreg.h4
-rw-r--r--librpc/idl/winreg.idl20
-rw-r--r--source3/Makefile.in2
-rw-r--r--source3/client/client.c2
-rw-r--r--source3/client/clitar.c2
-rw-r--r--source3/include/includes.h1
-rw-r--r--source3/include/proto.h2
-rw-r--r--source3/include/rpc_secdes.h38
-rw-r--r--source3/lib/smbconf/smbconf_reg.c2
-rw-r--r--source3/libnet/libnet_join.c10
-rw-r--r--source3/libsmb/clifile.c110
-rw-r--r--source3/libsmb/libsmb_dir.c3
-rw-r--r--source3/libsmb/libsmb_server.c2
-rw-r--r--source3/registry/reg_api.c28
-rw-r--r--source3/rpc_server/srv_samr_nt.c263
-rw-r--r--source3/rpcclient/cmd_lsarpc.c48
-rw-r--r--source3/rpcclient/cmd_samr.c4
-rw-r--r--source3/rpcclient/cmd_test.c2
-rw-r--r--source3/rpcclient/rpcclient.c2
-rw-r--r--source3/smbd/open.c8
-rw-r--r--source3/torture/mangle_test.c2
-rw-r--r--source3/torture/torture.c10
-rw-r--r--source3/torture/utable.c2
-rw-r--r--source3/utils/net_registry.c6
-rw-r--r--source3/utils/net_rpc.c14
-rw-r--r--source3/utils/net_rpc_audit.c8
-rw-r--r--source3/utils/net_rpc_join.c4
-rw-r--r--source3/utils/net_rpc_printer.c4
-rw-r--r--source3/utils/net_rpc_registry.c14
-rw-r--r--source3/utils/net_rpc_rights.c10
-rw-r--r--source3/utils/net_util.c2
-rw-r--r--source3/utils/netlookup.c2
-rw-r--r--source3/utils/smbcquotas.c2
-rw-r--r--source3/winbindd/winbindd_cm.c18
-rw-r--r--source3/winbindd/winbindd_rpc.c6
-rw-r--r--source4/libcli/security/config.mk3
-rw-r--r--source4/libcli/security/security.h1
42 files changed, 443 insertions, 322 deletions
diff --git a/libcli/samsync/config.mk b/libcli/samsync/config.mk
index 69f798342e..bea909e398 100644
--- a/libcli/samsync/config.mk
+++ b/libcli/samsync/config.mk
@@ -4,7 +4,3 @@ PUBLIC_DEPENDENCIES = \
LIBCLI_SAMSYNC_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/samsync/, \
decrypt.o)
-
-PUBLIC_HEADERS += ../libcli/samsync/samsync.h
-
-$(eval $(call proto_header_template,$(libclicommonsrcdir)/samsync/samsync.h,$(LIBCLI_SAMSYNC_OBJ_FILES:.o=.c)))
diff --git a/libcli/samsync/samsync.h b/libcli/samsync/samsync.h
new file mode 100644
index 0000000000..df76f1b17b
--- /dev/null
+++ b/libcli/samsync/samsync.h
@@ -0,0 +1,34 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Extract the user/system database from a remote SamSync server
+
+ Copyright (C) Guenther Deschner <gd@samba.org> 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SAMSYNC_SAMSYNC_H__
+#define __SAMSYNC_SAMSYNC_H__
+
+/**
+ * Fix up the delta, dealing with encryption issues so that the final
+ * callback need only do the printing or application logic
+ */
+NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_CredentialState *creds,
+ enum netr_SamDatabaseID database_id,
+ struct netr_DELTA_ENUM *delta);
+
+#endif /* __SAMSYNC_SAMSYNC_H__ */
diff --git a/libcli/security/config.mk b/libcli/security/config.mk
index 7ade01510c..060429bd67 100644
--- a/libcli/security/config.mk
+++ b/libcli/security/config.mk
@@ -2,4 +2,4 @@
PRIVATE_DEPENDENCIES = TALLOC
LIBSECURITY_COMMON_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/security/, \
- dom_sid.o display_sec.o secace.o secacl.o)
+ dom_sid.o display_sec.o secace.o secacl.o security_descriptor.o)
diff --git a/source4/libcli/security/security_descriptor.c b/libcli/security/security_descriptor.c
index 8e9c7eb4a9..8e9c7eb4a9 100644
--- a/source4/libcli/security/security_descriptor.c
+++ b/libcli/security/security_descriptor.c
diff --git a/libcli/security/security_descriptor.h b/libcli/security/security_descriptor.h
new file mode 100644
index 0000000000..c535f5d253
--- /dev/null
+++ b/libcli/security/security_descriptor.h
@@ -0,0 +1,64 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+
+ Copyright (C) 2009 Jelmer Vernooij <jelmer@samba.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SECURITY_DESCRIPTOR_H__
+#define __SECURITY_DESCRIPTOR_H__
+
+#include "librpc/gen_ndr/security.h"
+
+struct security_descriptor *security_descriptor_initialise(TALLOC_CTX *mem_ctx);
+struct security_descriptor *security_descriptor_copy(TALLOC_CTX *mem_ctx,
+ const struct security_descriptor *osd);
+NTSTATUS security_descriptor_sacl_add(struct security_descriptor *sd,
+ const struct security_ace *ace);
+NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd,
+ const struct security_ace *ace);
+NTSTATUS security_descriptor_dacl_del(struct security_descriptor *sd,
+ const struct dom_sid *trustee);
+NTSTATUS security_descriptor_sacl_del(struct security_descriptor *sd,
+ const struct dom_sid *trustee);
+bool security_ace_equal(const struct security_ace *ace1,
+ const struct security_ace *ace2);
+bool security_acl_equal(const struct security_acl *acl1,
+ const struct security_acl *acl2);
+bool security_descriptor_equal(const struct security_descriptor *sd1,
+ const struct security_descriptor *sd2);
+bool security_descriptor_mask_equal(const struct security_descriptor *sd1,
+ const struct security_descriptor *sd2,
+ uint32_t mask);
+struct security_descriptor *security_descriptor_append(struct security_descriptor *sd,
+ ...);
+struct security_descriptor *security_descriptor_dacl_create(TALLOC_CTX *mem_ctx,
+ uint16_t sd_type,
+ const char *owner_sid,
+ const char *group_sid,
+ ...);
+struct security_descriptor *security_descriptor_sacl_create(TALLOC_CTX *mem_ctx,
+ uint16_t sd_type,
+ const char *owner_sid,
+ const char *group_sid,
+ ...);
+struct security_ace *security_ace_create(TALLOC_CTX *mem_ctx,
+ const char *sid_str,
+ enum security_ace_type type,
+ uint32_t access_mask,
+ uint8_t flags);
+
+#endif /* __SECURITY_DESCRIPTOR_H__ */
diff --git a/librpc/gen_ndr/winreg.h b/librpc/gen_ndr/winreg.h
index e0300fd0e7..103817c466 100644
--- a/librpc/gen_ndr/winreg.h
+++ b/librpc/gen_ndr/winreg.h
@@ -9,6 +9,10 @@
#ifndef _HEADER_winreg
#define _HEADER_winreg
+#define REG_KEY_READ ( (STANDARD_RIGHTS_READ_ACCESS|KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY) )
+#define REG_KEY_EXECUTE ( REG_KEY_READ )
+#define REG_KEY_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|KEY_SET_VALUE|KEY_CREATE_SUB_KEY) )
+#define REG_KEY_ALL ( (STANDARD_RIGHTS_REQUIRED_ACCESS|REG_KEY_READ|REG_KEY_WRITE|KEY_CREATE_LINK) )
/* bitmap winreg_AccessMask */
#define KEY_QUERY_VALUE ( 0x00001 )
#define KEY_SET_VALUE ( 0x00002 )
diff --git a/librpc/idl/winreg.idl b/librpc/idl/winreg.idl
index b905bdea7b..18b5edcb5d 100644
--- a/librpc/idl/winreg.idl
+++ b/librpc/idl/winreg.idl
@@ -14,6 +14,10 @@ import "lsa.idl", "security.idl";
{
typedef bitmap security_secinfo security_secinfo;
+ /*
+ * Access Bits for registry ACLS
+ */
+
typedef [bitmap32bit] bitmap {
KEY_QUERY_VALUE = 0x00001,
KEY_SET_VALUE = 0x00002,
@@ -25,6 +29,22 @@ import "lsa.idl", "security.idl";
KEY_WOW64_32KEY = 0x00200
} winreg_AccessMask;
+ const int REG_KEY_READ = ( STANDARD_RIGHTS_READ_ACCESS |
+ KEY_QUERY_VALUE |
+ KEY_ENUMERATE_SUB_KEYS |
+ KEY_NOTIFY);
+
+ const int REG_KEY_EXECUTE = REG_KEY_READ;
+
+ const int REG_KEY_WRITE = ( STANDARD_RIGHTS_WRITE_ACCESS |
+ KEY_SET_VALUE |
+ KEY_CREATE_SUB_KEY);
+
+ const int REG_KEY_ALL = ( STANDARD_RIGHTS_REQUIRED_ACCESS |
+ REG_KEY_READ |
+ REG_KEY_WRITE |
+ KEY_CREATE_LINK);
+
typedef [public,v1_enum] enum {
REG_NONE = 0,
REG_SZ = 1,
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 51a469b2b9..ca42d5b95d 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -388,7 +388,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
../libcli/security/secacl.o \
libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \
lib/file_id.o lib/idmap_cache.o \
- ../libcli/security/dom_sid.o
+ ../libcli/security/dom_sid.o ../libcli/security/security_descriptor.o
LIB_DUMMY_OBJ = lib/dummysmbd.o lib/dummyroot.o
LIB_NONSMBD_OBJ = $(LIB_OBJ) $(LIB_DUMMY_OBJ)
diff --git a/source3/client/client.c b/source3/client/client.c
index fcb9b27f1f..d74de35bc5 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -1389,7 +1389,7 @@ static bool do_mkdir(const char *name)
return false;
}
- if (!cli_mkdir(targetcli, targetname)) {
+ if (!NT_STATUS_IS_OK(cli_mkdir(targetcli, targetname))) {
d_printf("%s making remote directory %s\n",
cli_errstr(targetcli),name);
return false;
diff --git a/source3/client/clitar.c b/source3/client/clitar.c
index c9f3e87c4d..7512583e19 100644
--- a/source3/client/clitar.c
+++ b/source3/client/clitar.c
@@ -555,7 +555,7 @@ static bool ensurepath(const char *fname)
safe_strcat(partpath, p, strlen(fname) + 1);
if (!cli_chkpath(cli, partpath)) {
- if (!cli_mkdir(cli, partpath)) {
+ if (!NT_STATUS_IS_OK(cli_mkdir(cli, partpath))) {
SAFE_FREE(partpath);
SAFE_FREE(ffname);
DEBUG(0, ("Error mkdir %s\n", cli_errstr(cli)));
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 943de8db7b..596c772d9e 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -702,6 +702,7 @@ enum flush_reason_enum {
#endif
#include "libcli/security/secace.h"
#include "libcli/security/secacl.h"
+#include "libcli/security/security_descriptor.h"
#if defined(HAVE_POSIX_ACLS)
#include "modules/vfs_posixacl.h"
diff --git a/source3/include/proto.h b/source3/include/proto.h
index fa6dafa1b0..3ddbf6f3b9 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2338,7 +2338,7 @@ bool cli_ntrename(struct cli_state *cli, const char *fname_src, const char *fnam
bool cli_nt_hardlink(struct cli_state *cli, const char *fname_src, const char *fname_dst);
bool cli_unlink_full(struct cli_state *cli, const char *fname, uint16 attrs);
bool cli_unlink(struct cli_state *cli, const char *fname);
-bool cli_mkdir(struct cli_state *cli, const char *dname);
+NTSTATUS cli_mkdir(struct cli_state *cli, const char *dname);
bool cli_rmdir(struct cli_state *cli, const char *dname);
int cli_nt_delete_on_close(struct cli_state *cli, int fnum, bool flag);
int cli_nt_create_full(struct cli_state *cli, const char *fname,
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index c74d621f35..6db3f2d7c7 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -121,9 +121,6 @@ struct standard_mapping {
#define STANDARD_RIGHTS_MASK 0x00FF0000
#define GENERIC_RIGHTS_MASK 0xF0000000
-#define SEC_RIGHT_SYSTEM_SECURITY 0x01000000
-#define SEC_RIGHT_MAXIMUM_ALLOWED 0x02000000
-
/* Generic access rights */
#define GENERIC_RIGHT_ALL_ACCESS 0x10000000
@@ -194,39 +191,4 @@ struct standard_mapping {
SA_RIGHT_FILE_WRITE_DATA | \
SA_RIGHT_FILE_READ_DATA)
-/*
- * Access Bits for registry ACLS
- */
-
-/* used by registry ACLs */
-
-#define SEC_RIGHTS_QUERY_VALUE 0x00000001
-#define SEC_RIGHTS_SET_VALUE 0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
-#define SEC_RIGHTS_NOTIFY 0x00000010
-#define SEC_RIGHTS_CREATE_LINK 0x00000020
-#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
-
-
-#define REG_KEY_READ \
- ( STANDARD_RIGHTS_READ_ACCESS |\
- SEC_RIGHTS_QUERY_VALUE |\
- SEC_RIGHTS_ENUM_SUBKEYS |\
- SEC_RIGHTS_NOTIFY )
-
-#define REG_KEY_EXECUTE REG_KEY_READ
-
-#define REG_KEY_WRITE \
- ( STANDARD_RIGHTS_WRITE_ACCESS |\
- SEC_RIGHTS_SET_VALUE |\
- SEC_RIGHTS_CREATE_SUBKEY )
-
-#define REG_KEY_ALL \
- ( STANDARD_RIGHTS_REQUIRED_ACCESS |\
- REG_KEY_READ |\
- REG_KEY_WRITE |\
- SEC_RIGHTS_CREATE_LINK )
-
-
#endif /* _RPC_SECDES_H */
diff --git a/source3/lib/smbconf/smbconf_reg.c b/source3/lib/smbconf/smbconf_reg.c
index 0ecac97575..54ce5348a7 100644
--- a/source3/lib/smbconf/smbconf_reg.c
+++ b/source3/lib/smbconf/smbconf_reg.c
@@ -567,7 +567,7 @@ static WERROR smbconf_reg_init(struct smbconf_ctx *ctx, const char *path)
}
werr = reg_open_path(ctx, ctx->path,
- SEC_RIGHTS_ENUM_SUBKEYS | REG_KEY_WRITE,
+ KEY_ENUMERATE_SUB_KEYS | REG_KEY_WRITE,
token, &rpd(ctx)->base_key);
if (!W_ERROR_IS_OK(werr)) {
goto done;
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 894f5cba32..81990dfd81 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -703,7 +703,7 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx,
}
status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
+ SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
@@ -888,7 +888,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
&domain_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
user_rid,
&user_pol);
if (!NT_STATUS_IS_OK(status)) {
@@ -1167,7 +1167,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
pipe_hnd->desthost,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&sam_pol);
if (!NT_STATUS_IS_OK(status)) {
goto done;
@@ -1175,7 +1175,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
&sam_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
r->in.domain_sid,
&domain_pol);
if (!NT_STATUS_IS_OK(status)) {
@@ -1213,7 +1213,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
&domain_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
user_rid,
&user_pol);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index 0a1168fd0f..5be18366b9 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -596,6 +596,7 @@ bool cli_unlink(struct cli_state *cli, const char *fname)
return cli_unlink_full(cli, fname, aSYSTEM | aHIDDEN);
}
+#if 0
/****************************************************************************
Create a directory.
****************************************************************************/
@@ -631,6 +632,115 @@ bool cli_mkdir(struct cli_state *cli, const char *dname)
return True;
}
+#endif
+
+/****************************************************************************
+ Create a directory.
+****************************************************************************/
+
+static void cli_mkdir_done(struct tevent_req *subreq);
+
+struct cli_mkdir_state {
+ int dummy;
+};
+
+struct tevent_req *cli_mkdir_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct cli_state *cli,
+ const char *dname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_mkdir_state *state = NULL;
+ uint8_t additional_flags = 0;
+ uint8_t *bytes = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_mkdir_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ bytes = talloc_array(state, uint8_t, 1);
+ if (!bytes) {
+ return NULL;
+ }
+ bytes[0] = 4;
+ bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), dname,
+ strlen(dname)+1, NULL);
+
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_smb_send(state, ev, cli, SMBmkdir, additional_flags,
+ 0, NULL, talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_mkdir_done, req);
+ return req;
+}
+
+static void cli_mkdir_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, 0, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_mkdir_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_mkdir(struct cli_state *cli, const char *dname)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct event_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (cli_has_async_calls(cli)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = event_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_mkdir_send(frame, ev, cli, dname);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll(req, ev)) {
+ status = map_nt_error_from_unix(errno);
+ goto fail;
+ }
+
+ status = cli_mkdir_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_set_error(cli, status);
+ }
+ return status;
+}
/****************************************************************************
Remove a directory.
diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c
index 219bbe64e1..5afc8e48b6 100644
--- a/source3/libsmb/libsmb_dir.c
+++ b/source3/libsmb/libsmb_dir.c
@@ -1177,8 +1177,7 @@ SMBC_mkdir_ctx(SMBCCTX *context,
}
/*d_printf(">>>mkdir: resolved path as %s\n", targetpath);*/
- if (!cli_mkdir(targetcli, targetpath)) {
-
+ if (!NT_STATUS_IS_OK(cli_mkdir(targetcli, targetpath))) {
errno = SMBC_errno(context, targetcli);
TALLOC_FREE(frame);
return -1;
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index eda37f2187..60849c812f 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -740,7 +740,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
/*
* Some systems don't support
- * SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000
+ * SEC_FLAG_MAXIMUM_ALLOWED, but NT sends 0x2000000
* so we might as well do it too.
*/
diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c
index c1a78c14dc..817d43be6b 100644
--- a/source3/registry/reg_api.c
+++ b/source3/registry/reg_api.c
@@ -272,7 +272,7 @@ WERROR reg_openkey(TALLOC_CTX *mem_ctx, struct registry_key *parent,
err = regkey_open_onelevel(mem_ctx, direct_parent,
name_component, parent->token,
- SEC_RIGHTS_ENUM_SUBKEYS, &tmp);
+ KEY_ENUMERATE_SUB_KEYS, &tmp);
SAFE_FREE(name_component);
if (!W_ERROR_IS_OK(err)) {
@@ -301,7 +301,7 @@ WERROR reg_enumkey(TALLOC_CTX *mem_ctx, struct registry_key *key,
{
WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_ENUM_SUBKEYS)) {
+ if (!(key->key->access_granted & KEY_ENUMERATE_SUB_KEYS)) {
return WERR_ACCESS_DENIED;
}
@@ -332,7 +332,7 @@ WERROR reg_enumvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
struct registry_value *val;
WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -370,7 +370,7 @@ WERROR reg_queryvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
WERROR err;
uint32 i;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -399,7 +399,7 @@ WERROR reg_queryinfokey(struct registry_key *key, uint32_t *num_subkeys,
WERROR err;
struct security_descriptor *secdesc;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -483,7 +483,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
*end = '\0';
err = reg_createkey(mem_ctx, key, path,
- SEC_RIGHTS_ENUM_SUBKEYS, &tmp, &action);
+ KEY_ENUMERATE_SUB_KEYS, &tmp, &action);
if (!W_ERROR_IS_OK(err)) {
goto done;
}
@@ -521,7 +521,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
* with ENUM_SUBKEY access.
*/
- err = reg_openkey(mem_ctx, key, "", SEC_RIGHTS_CREATE_SUBKEY,
+ err = reg_openkey(mem_ctx, key, "", KEY_CREATE_SUB_KEY,
&create_parent);
if (!W_ERROR_IS_OK(err)) {
goto done;
@@ -582,7 +582,7 @@ WERROR reg_deletekey(struct registry_key *parent, const char *path)
*end = '\0';
err = reg_openkey(mem_ctx, parent, name,
- SEC_RIGHTS_CREATE_SUBKEY, &tmp_key);
+ KEY_CREATE_SUB_KEY, &tmp_key);
W_ERROR_NOT_OK_GOTO_DONE(err);
parent = tmp_key;
@@ -608,7 +608,7 @@ WERROR reg_setvalue(struct registry_key *key, const char *name,
DATA_BLOB value_data;
int res;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -655,7 +655,7 @@ WERROR reg_deletevalue(struct registry_key *key, const char *name)
{
WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -982,7 +982,7 @@ WERROR reg_deleteallvalues(struct registry_key *key)
WERROR err;
int i;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -1038,7 +1038,7 @@ WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path,
*p = '\0';
- err = reg_openhive(mem_ctx, path, SEC_RIGHTS_ENUM_SUBKEYS, token,
+ err = reg_openhive(mem_ctx, path, KEY_ENUMERATE_SUB_KEYS, token,
&hive);
if (!W_ERROR_IS_OK(err)) {
SAFE_FREE(path);
@@ -1209,7 +1209,7 @@ WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path,
err = reg_openhive(mem_ctx, path,
(strchr(p+1, '\\') != NULL) ?
- SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+ KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
token, &hive);
if (!W_ERROR_IS_OK(err)) {
SAFE_FREE(path);
@@ -1249,7 +1249,7 @@ WERROR reg_delete_path(const struct nt_user_token *token,
err = reg_openhive(NULL, path,
(strchr(p+1, '\\') != NULL) ?
- SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+ KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
token, &hive);
if (!W_ERROR_IS_OK(err)) {
SAFE_FREE(path);
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 90131e1624..a651cd21e2 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -84,17 +84,6 @@ typedef struct disp_info {
* handler. */
} DISP_INFO;
-/* We keep a static list of these by SID as modern clients close down
- all resources between each request in a complete enumeration. */
-
-struct samr_info {
- /* for use by the \PIPE\samr policy */
- DOM_SID sid;
- uint32 status; /* some sort of flag. best to record it. comes from opnum 0x39 */
- uint32 acc_granted;
- DISP_INFO *disp_info;
-};
-
static const struct generic_mapping sam_generic_mapping = {
GENERIC_RIGHTS_SAM_READ,
GENERIC_RIGHTS_SAM_WRITE,
@@ -240,36 +229,6 @@ done:
return status;
}
-/*******************************************************************
- Checks if access to a function can be granted
-********************************************************************/
-
-static NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug)
-{
- DEBUG(5,("%s: access check ((granted: %#010x; required: %#010x)\n",
- debug, acc_granted, acc_required));
-
- /* check the security descriptor first */
-
- if ( (acc_granted&acc_required) == acc_required )
- return NT_STATUS_OK;
-
- /* give root a free pass */
-
- if (geteuid() == sec_initial_uid()) {
-
- DEBUG(4,("%s: ACCESS should be DENIED (granted: %#010x; required: %#010x)\n",
- debug, acc_granted, acc_required));
- DEBUGADD(4,("but overwritten by euid == 0\n"));
-
- return NT_STATUS_OK;
- }
-
- DEBUG(2,("%s: ACCESS DENIED (granted: %#010x; required: %#010x)\n",
- debug, acc_granted, acc_required));
-
- return NT_STATUS_ACCESS_DENIED;
-}
/*******************************************************************
Map any MAXIMUM_ALLOWED_ACCESS request to a valid access set.
@@ -387,37 +346,6 @@ static DISP_INFO *get_samr_dispinfo_by_sid(const struct dom_sid *psid)
}
/*******************************************************************
- Create a samr_info struct.
-********************************************************************/
-
-static int samr_info_destructor(struct samr_info *info);
-
-static struct samr_info *get_samr_info_by_sid(TALLOC_CTX *mem_ctx,
- DOM_SID *psid)
-{
- struct samr_info *info;
-
- info = talloc_zero(mem_ctx, struct samr_info);
- if (info == NULL) {
- return NULL;
- }
- talloc_set_destructor(info, samr_info_destructor);
-
- DEBUG(10, ("get_samr_info_by_sid: created new info for sid %s\n",
- sid_string_dbg(psid)));
-
- if (psid) {
- sid_copy( &info->sid, psid);
- } else {
- DEBUG(10,("get_samr_info_by_sid: created new info for NULL sid.\n"));
- }
-
- info->disp_info = get_samr_dispinfo_by_sid(psid);
-
- return info;
-}
-
-/*******************************************************************
Function to free the per SID data.
********************************************************************/
@@ -440,17 +368,6 @@ static void free_samr_cache(DISP_INFO *disp_info)
unbecome_root();
}
-static int samr_info_destructor(struct samr_info *info)
-{
- /* Only free the dispinfo cache if no one bothered to set up
- a timeout. */
-
- if (info->disp_info && info->disp_info->cache_timeout_event == NULL) {
- free_samr_cache(info->disp_info);
- }
- return 0;
-}
-
/*******************************************************************
Idle event handler. Throw away the disp info cache.
********************************************************************/
@@ -724,46 +641,25 @@ NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
}
/*******************************************************************
-********************************************************************/
-
-static bool get_lsa_policy_samr_sid( pipes_struct *p, struct policy_handle *pol,
- DOM_SID *sid, uint32 *acc_granted,
- DISP_INFO **ppdisp_info)
-{
- struct samr_info *info = NULL;
-
- /* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, pol, (void **)(void *)&info))
- return False;
-
- if (!info)
- return False;
-
- *sid = info->sid;
- *acc_granted = info->acc_granted;
- if (ppdisp_info) {
- *ppdisp_info = info->disp_info;
- }
-
- return True;
-}
-
-/*******************************************************************
_samr_SetSecurity
********************************************************************/
NTSTATUS _samr_SetSecurity(pipes_struct *p,
struct samr_SetSecurity *r)
{
- DOM_SID pol_sid;
- uint32 acc_granted, i;
+ struct samr_user_info *uinfo;
+ uint32 i;
SEC_ACL *dacl;
bool ret;
struct samu *sampass=NULL;
NTSTATUS status;
- if (!get_lsa_policy_samr_sid(p, r->in.handle, &pol_sid, &acc_granted, NULL))
- return NT_STATUS_INVALID_HANDLE;
+ uinfo = policy_handle_find(p, r->in.handle,
+ SAMR_USER_ACCESS_SET_ATTRIBUTES, NULL,
+ struct samr_user_info, &status);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
if (!(sampass = samu_new( p->mem_ctx))) {
DEBUG(0,("No memory!\n"));
@@ -772,18 +668,19 @@ NTSTATUS _samr_SetSecurity(pipes_struct *p,
/* get the user record */
become_root();
- ret = pdb_getsampwsid(sampass, &pol_sid);
+ ret = pdb_getsampwsid(sampass, &uinfo->sid);
unbecome_root();
if (!ret) {
- DEBUG(4, ("User %s not found\n", sid_string_dbg(&pol_sid)));
+ DEBUG(4, ("User %s not found\n",
+ sid_string_dbg(&uinfo->sid)));
TALLOC_FREE(sampass);
return NT_STATUS_INVALID_HANDLE;
}
dacl = r->in.sdbuf->sd->dacl;
for (i=0; i < dacl->num_aces; i++) {
- if (sid_equal(&pol_sid, &dacl->aces[i].trustee)) {
+ if (sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) {
ret = pdb_set_pass_can_change(sampass,
(dacl->aces[i].access_mask &
SAMR_USER_ACCESS_CHANGE_PASSWORD) ?
@@ -797,14 +694,9 @@ NTSTATUS _samr_SetSecurity(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- status = access_check_samr_function(acc_granted,
- SAMR_USER_ACCESS_SET_ATTRIBUTES,
- "_samr_SetSecurity");
- if (NT_STATUS_IS_OK(status)) {
- become_root();
- status = pdb_update_sam_account(sampass);
- unbecome_root();
- }
+ become_root();
+ status = pdb_update_sam_account(sampass);
+ unbecome_root();
TALLOC_FREE(sampass);
@@ -852,60 +744,99 @@ static bool check_change_pw_access(TALLOC_CTX *mem_ctx, DOM_SID *user_sid)
NTSTATUS _samr_QuerySecurity(pipes_struct *p,
struct samr_QuerySecurity *r)
{
+ struct samr_connect_info *cinfo;
+ struct samr_domain_info *dinfo;
+ struct samr_user_info *uinfo;
+ struct samr_group_info *ginfo;
+ struct samr_alias_info *ainfo;
NTSTATUS status;
- DOM_SID pol_sid;
SEC_DESC * psd = NULL;
- uint32 acc_granted;
size_t sd_size;
- /* Get the SID. */
- if (!get_lsa_policy_samr_sid(p, r->in.handle, &pol_sid, &acc_granted, NULL))
- return NT_STATUS_INVALID_HANDLE;
-
- DEBUG(10,("_samr_QuerySecurity: querying security on SID: %s\n",
- sid_string_dbg(&pol_sid)));
-
- status = access_check_samr_function(acc_granted,
- STD_RIGHT_READ_CONTROL_ACCESS,
- "_samr_QuerySecurity");
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ cinfo = policy_handle_find(p, r->in.handle,
+ STD_RIGHT_READ_CONTROL_ACCESS, NULL,
+ struct samr_connect_info, &status);
+ if (NT_STATUS_IS_OK(status)) {
+ DEBUG(5,("_samr_QuerySecurity: querying security on SAM\n"));
+ status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size,
+ &sam_generic_mapping, NULL, 0);
+ goto done;
}
- /* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */
-
- /* To query the security of the SAM it self an invalid SID with S-0-0 is passed to this function */
- if (pol_sid.sid_rev_num == 0) {
- DEBUG(5,("_samr_QuerySecurity: querying security on SAM\n"));
- status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
- } else if (sid_equal(&pol_sid,get_global_sam_sid())) {
- /* check if it is our domain SID */
+ dinfo = policy_handle_find(p, r->in.handle,
+ STD_RIGHT_READ_CONTROL_ACCESS, NULL,
+ struct samr_domain_info, &status);
+ if (NT_STATUS_IS_OK(status)) {
DEBUG(5,("_samr_QuerySecurity: querying security on Domain "
- "with SID: %s\n", sid_string_dbg(&pol_sid)));
- status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
- } else if (sid_equal(&pol_sid,&global_sid_Builtin)) {
- /* check if it is the Builtin Domain */
- /* TODO: Builtin probably needs a different SD with restricted write access*/
- DEBUG(5,("_samr_QuerySecurity: querying security on Builtin "
- "Domain with SID: %s\n", sid_string_dbg(&pol_sid)));
- status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
- } else if (sid_check_is_in_our_domain(&pol_sid) ||
- sid_check_is_in_builtin(&pol_sid)) {
- /* TODO: different SDs have to be generated for aliases groups and users.
- Currently all three get a default user SD */
- DEBUG(10,("_samr_QuerySecurity: querying security on Object "
- "with SID: %s\n", sid_string_dbg(&pol_sid)));
- if (check_change_pw_access(p->mem_ctx, &pol_sid)) {
- status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
- &pol_sid, SAMR_USR_RIGHTS_WRITE_PW);
+ "with SID: %s\n", sid_string_dbg(&dinfo->sid)));
+ /*
+ * TODO: Builtin probably needs a different SD with restricted
+ * write access
+ */
+ status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size,
+ &dom_generic_mapping, NULL, 0);
+ goto done;
+ }
+
+ uinfo = policy_handle_find(p, r->in.handle,
+ STD_RIGHT_READ_CONTROL_ACCESS, NULL,
+ struct samr_user_info, &status);
+ if (NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("_samr_QuerySecurity: querying security on user "
+ "Object with SID: %s\n",
+ sid_string_dbg(&uinfo->sid)));
+ if (check_change_pw_access(p->mem_ctx, &uinfo->sid)) {
+ status = make_samr_object_sd(
+ p->mem_ctx, &psd, &sd_size,
+ &usr_generic_mapping,
+ &uinfo->sid, SAMR_USR_RIGHTS_WRITE_PW);
} else {
- status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_nopwchange_generic_mapping,
- &pol_sid, SAMR_USR_RIGHTS_CANT_WRITE_PW);
+ status = make_samr_object_sd(
+ p->mem_ctx, &psd, &sd_size,
+ &usr_nopwchange_generic_mapping,
+ &uinfo->sid, SAMR_USR_RIGHTS_CANT_WRITE_PW);
}
- } else {
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ goto done;
}
+ ginfo = policy_handle_find(p, r->in.handle,
+ STD_RIGHT_READ_CONTROL_ACCESS, NULL,
+ struct samr_group_info, &status);
+ if (NT_STATUS_IS_OK(status)) {
+ /*
+ * TODO: different SDs have to be generated for aliases groups
+ * and users. Currently all three get a default user SD
+ */
+ DEBUG(10,("_samr_QuerySecurity: querying security on group "
+ "Object with SID: %s\n",
+ sid_string_dbg(&ginfo->sid)));
+ status = make_samr_object_sd(
+ p->mem_ctx, &psd, &sd_size,
+ &usr_nopwchange_generic_mapping,
+ &ginfo->sid, SAMR_USR_RIGHTS_CANT_WRITE_PW);
+ goto done;
+ }
+
+ ainfo = policy_handle_find(p, r->in.handle,
+ STD_RIGHT_READ_CONTROL_ACCESS, NULL,
+ struct samr_alias_info, &status);
+ if (NT_STATUS_IS_OK(status)) {
+ /*
+ * TODO: different SDs have to be generated for aliases groups
+ * and users. Currently all three get a default user SD
+ */
+ DEBUG(10,("_samr_QuerySecurity: querying security on alias "
+ "Object with SID: %s\n",
+ sid_string_dbg(&ainfo->sid)));
+ status = make_samr_object_sd(
+ p->mem_ctx, &psd, &sd_size,
+ &usr_nopwchange_generic_mapping,
+ &ainfo->sid, SAMR_USR_RIGHTS_CANT_WRITE_PW);
+ goto done;
+ }
+
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+done:
if ((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
return NT_STATUS_NO_MEMORY;
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index cf2b1ae563..ef3187579a 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -42,7 +42,7 @@ static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
goto done;
@@ -167,7 +167,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
switch (info_class) {
case 12:
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@@ -180,7 +180,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
break;
default:
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@@ -220,7 +220,7 @@ static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@@ -268,7 +268,7 @@ static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@@ -320,7 +320,7 @@ static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@@ -460,7 +460,7 @@ static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
pref_max_length=atoi(argv[2]);
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@@ -512,7 +512,7 @@ static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@@ -565,7 +565,7 @@ static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
pref_max_length=atoi(argv[2]);
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@@ -618,7 +618,7 @@ static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
@@ -666,7 +666,7 @@ static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
@@ -728,7 +728,7 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
@@ -777,7 +777,7 @@ static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
@@ -830,7 +830,7 @@ static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
@@ -880,7 +880,7 @@ static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@@ -922,7 +922,7 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (argc == 2)
@@ -995,7 +995,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DOM_SID dom_sid;
- uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
union lsa_TrustedDomainInfo *info = NULL;
enum lsa_TrustDomInfoEnum info_class = 1;
uint8_t nt_hash[16];
@@ -1043,7 +1043,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
{
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
union lsa_TrustedDomainInfo *info = NULL;
enum lsa_TrustDomInfoEnum info_class = 1;
struct lsa_String trusted_domain;
@@ -1091,7 +1091,7 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
{
struct policy_handle pol, trustdom_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
union lsa_TrustedDomainInfo *info = NULL;
DOM_SID dom_sid;
enum lsa_TrustDomInfoEnum info_class = 1;
@@ -1160,7 +1160,7 @@ static NTSTATUS cmd_lsa_get_username(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy(cli, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
@@ -1210,7 +1210,7 @@ static NTSTATUS cmd_lsa_add_priv(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result)) {
@@ -1220,7 +1220,7 @@ static NTSTATUS cmd_lsa_add_priv(struct rpc_pipe_client *cli,
result = rpccli_lsa_OpenAccount(cli, mem_ctx,
&dom_pol,
&sid,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&user_pol);
if (!NT_STATUS_IS_OK(result)) {
@@ -1294,7 +1294,7 @@ static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result)) {
@@ -1304,7 +1304,7 @@ static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli,
result = rpccli_lsa_OpenAccount(cli, mem_ctx,
&dom_pol,
&sid,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&user_pol);
if (!NT_STATUS_IS_OK(result)) {
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 83cec72318..96484f0982 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -2860,7 +2860,7 @@ static NTSTATUS cmd_samr_get_dispinfo_idx(struct rpc_pipe_client *cli,
}
status = rpccli_try_samr_connects(cli, mem_ctx,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&connect_handle);
if (!NT_STATUS_IS_OK(status)) {
@@ -2869,7 +2869,7 @@ static NTSTATUS cmd_samr_get_dispinfo_idx(struct rpc_pipe_client *cli,
status = rpccli_samr_OpenDomain(cli, mem_ctx,
&connect_handle,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&domain_sid,
&domain_handle);
diff --git a/source3/rpcclient/cmd_test.c b/source3/rpcclient/cmd_test.c
index b7be038539..85e90a19b5 100644
--- a/source3/rpcclient/cmd_test.c
+++ b/source3/rpcclient/cmd_test.c
@@ -45,7 +45,7 @@ static NTSTATUS cmd_testme(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
}
status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False,
- SEC_RIGHTS_QUERY_VALUE, &pol);
+ KEY_QUERY_VALUE, &pol);
if (!NT_STATUS_IS_OK(status))
goto done;
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 6fd6b4f6d9..ceeeae7ea6 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -156,7 +156,7 @@ static void fetch_machine_sid(struct cli_state *cli)
}
result = rpccli_lsa_open_policy(lsapipe, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
goto error;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 451461744b..a0ae82a73c 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -2400,9 +2400,9 @@ static NTSTATUS open_directory(connection_struct *conn,
}
/* We need to support SeSecurityPrivilege for this. */
- if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
+ if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
DEBUG(10, ("open_directory: open on %s "
- "failed - SEC_RIGHT_SYSTEM_SECURITY denied.\n",
+ "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
fname));
return NT_STATUS_PRIVILEGE_NOT_HELD;
}
@@ -2946,7 +2946,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
#if 0
/* We need to support SeSecurityPrivilege for this. */
- if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
+ if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
!user_has_privileges(current_user.nt_user_token,
&se_security)) {
status = NT_STATUS_PRIVILEGE_NOT_HELD;
@@ -2954,7 +2954,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
}
#else
/* We need to support SeSecurityPrivilege for this. */
- if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
+ if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
status = NT_STATUS_PRIVILEGE_NOT_HELD;
goto fail;
}
diff --git a/source3/torture/mangle_test.c b/source3/torture/mangle_test.c
index 00457719a8..525a1eb3c3 100644
--- a/source3/torture/mangle_test.c
+++ b/source3/torture/mangle_test.c
@@ -180,7 +180,7 @@ bool torture_mangle(int dummy)
cli_unlink(cli, "\\mangle_test\\*");
cli_rmdir(cli, "\\mangle_test");
- if (!cli_mkdir(cli, "\\mangle_test")) {
+ if (!NT_STATUS_IS_OK(cli_mkdir(cli, "\\mangle_test"))) {
printf("ERROR: Failed to make directory\n");
return False;
}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 07945fccf1..0328cfe545 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -2625,7 +2625,7 @@ static bool run_trans2test(int dummy)
/* check if the server updates the directory modification time
when creating a new file */
- if (!cli_mkdir(cli, dname)) {
+ if (!NT_STATUS_IS_OK(cli_mkdir(cli, dname))) {
printf("ERROR: mkdir failed (%s)\n", cli_errstr(cli));
correct = False;
}
@@ -4584,12 +4584,12 @@ bool torture_chkpath_test(int dummy)
cli_unlink(cli, "\\chkpath.dir\\*");
cli_rmdir(cli, "\\chkpath.dir");
- if (!cli_mkdir(cli, "\\chkpath.dir")) {
+ if (!NT_STATUS_IS_OK(cli_mkdir(cli, "\\chkpath.dir"))) {
printf("mkdir1 failed : %s\n", cli_errstr(cli));
return False;
}
- if (!cli_mkdir(cli, "\\chkpath.dir\\dir2")) {
+ if (!NT_STATUS_IS_OK(cli_mkdir(cli, "\\chkpath.dir\\dir2"))) {
printf("mkdir2 failed : %s\n", cli_errstr(cli));
return False;
}
@@ -4801,7 +4801,7 @@ static bool run_dirtest1(int dummy)
for (i=0;i<1000;i++) {
fstring fname;
slprintf(fname, sizeof(fname), "\\LISTDIR\\d%d", i);
- if (!cli_mkdir(cli, fname)) {
+ if (!NT_STATUS_IS_OK(cli_mkdir(cli, fname))) {
fprintf(stderr,"Failed to open %s\n", fname);
return False;
}
@@ -5279,7 +5279,7 @@ static bool run_uid_regression_test(int dummy)
cli->vuid = old_vuid;
/* Try an operation. */
- if (!cli_mkdir(cli, "\\uid_reg_test")) {
+ if (!NT_STATUS_IS_OK(cli_mkdir(cli, "\\uid_reg_test"))) {
/* We expect bad uid. */
if (!check_error(__LINE__, cli, ERRSRV, ERRbaduid,
NT_STATUS_NO_SUCH_USER)) {
diff --git a/source3/torture/utable.c b/source3/torture/utable.c
index e36b0388c4..aaa763a2a3 100644
--- a/source3/torture/utable.c
+++ b/source3/torture/utable.c
@@ -132,7 +132,7 @@ bool torture_casetable(int dummy)
cli_unlink(cli, "\\utable\\*");
cli_rmdir(cli, "\\utable");
- if (!cli_mkdir(cli, "\\utable")) {
+ if (!NT_STATUS_IS_OK(cli_mkdir(cli, "\\utable"))) {
printf("Failed to create utable directory!\n");
return False;
}
diff --git a/source3/utils/net_registry.c b/source3/utils/net_registry.c
index e2f410b9ac..d6cdd982c3 100644
--- a/source3/utils/net_registry.c
+++ b/source3/utils/net_registry.c
@@ -411,11 +411,11 @@ static int net_registry_getsd(struct net_context *c, int argc,
struct security_descriptor *secdesc = NULL;
TALLOC_CTX *ctx = talloc_stackframe();
uint32_t access_mask = REG_KEY_READ |
- SEC_RIGHT_MAXIMUM_ALLOWED |
- SEC_RIGHT_SYSTEM_SECURITY;
+ SEC_FLAG_MAXIMUM_ALLOWED |
+ SEC_FLAG_SYSTEM_SECURITY;
/*
- * net_rpc_regsitry uses SEC_RIGHT_SYSTEM_SECURITY, but access
+ * net_rpc_regsitry uses SEC_FLAG_SYSTEM_SECURITY, but access
* is denied with these perms right now...
*/
access_mask = REG_KEY_READ;
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 5dd3df9a69..29e2f4f05d 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -68,7 +68,7 @@ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
}
result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "open_policy failed: %s\n",
@@ -1668,7 +1668,7 @@ static NTSTATUS get_sid_from_name(struct cli_state *cli,
}
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, false,
- SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
+ SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -2485,7 +2485,7 @@ static NTSTATUS rpc_list_alias_members(struct net_context *c,
}
result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
+ SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Couldn't open LSA policy handle\n");
@@ -3850,7 +3850,7 @@ static NTSTATUS rpc_aliaslist_dump(struct net_context *c,
struct policy_handle lsa_pol;
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&lsa_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -5596,7 +5596,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
return -1;
}
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, KEY_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@@ -5854,7 +5854,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc,
return -1;
};
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@@ -6011,7 +6011,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
return -1;
};
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
diff --git a/source3/utils/net_rpc_audit.c b/source3/utils/net_rpc_audit.c
index aa7fc7c394..823fe06f1a 100644
--- a/source3/utils/net_rpc_audit.c
+++ b/source3/utils/net_rpc_audit.c
@@ -88,7 +88,7 @@ static NTSTATUS rpc_audit_get_internal(struct net_context *c,
}
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
@@ -170,7 +170,7 @@ static NTSTATUS rpc_audit_set_internal(struct net_context *c,
}
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
@@ -229,7 +229,7 @@ static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
union lsa_PolicyInformation *info = NULL;
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
@@ -314,7 +314,7 @@ static NTSTATUS rpc_audit_list_internal(struct net_context *c,
int i;
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index c2e3630641..ed0311317d 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -211,7 +211,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
CHECK_RPC_ERR(rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&lsa_pol),
"error opening lsa policy handle");
@@ -326,7 +326,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
CHECK_RPC_ERR_DEBUG(
rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
&domain_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
user_rid,
&user_pol),
("could not re-open existing user %s: %s\n",
diff --git a/source3/utils/net_rpc_printer.c b/source3/utils/net_rpc_printer.c
index 9721628f02..477ddf7f26 100644
--- a/source3/utils/net_rpc_printer.c
+++ b/source3/utils/net_rpc_printer.c
@@ -406,7 +406,7 @@ NTSTATUS net_copy_file(struct net_context *c,
DEBUGADD(3,("creating dir %s on the destination server\n",
dst_name));
- if (!cli_mkdir(cli_share_dst, dst_name)) {
+ if (!NT_STATUS_IS_OK(cli_mkdir(cli_share_dst, dst_name))) {
DEBUG(0,("cannot create directory %s: %s\n",
dst_name, cli_errstr(cli_share_dst)));
nt_status = NT_STATUS_NO_SUCH_FILE;
@@ -555,7 +555,7 @@ static NTSTATUS check_arch_dir(struct cli_state *cli_share, const char *short_ar
DEBUG(10,("creating print-driver dir for architecture: %s\n",
short_archi));
- if (!cli_mkdir(cli_share, dir)) {
+ if (!NT_STATUS_IS_OK(cli_mkdir(cli_share, dir))) {
DEBUG(1,("cannot create directory %s: %s\n",
dir, cli_errstr(cli_share)));
nt_status = NT_STATUS_NO_SUCH_FILE;
diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c
index 60274728f3..cad605fdde 100644
--- a/source3/utils/net_rpc_registry.c
+++ b/source3/utils/net_rpc_registry.c
@@ -383,7 +383,7 @@ static NTSTATUS rpc_registry_setvalue_internal(struct net_context *c,
struct registry_value value;
status = registry_openkey(mem_ctx, pipe_hnd, argv[0],
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&hive_hnd, &key_hnd);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "registry_openkey failed: %s\n",
@@ -455,7 +455,7 @@ static NTSTATUS rpc_registry_deletevalue_internal(struct net_context *c,
ZERO_STRUCT(valuename);
status = registry_openkey(mem_ctx, pipe_hnd, argv[0],
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&hive_hnd, &key_hnd);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "registry_openkey failed: %s\n",
@@ -516,7 +516,7 @@ static NTSTATUS rpc_registry_getvalue_internal(struct net_context *c,
ZERO_STRUCT(valuename);
status = registry_openkey(tmp_ctx, pipe_hnd, argv[0],
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&hive_hnd, &key_hnd);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "registry_openkey failed: %s\n",
@@ -657,7 +657,7 @@ static NTSTATUS rpc_registry_createkey_internal(struct net_context *c,
}
status = rpccli_winreg_Connect(pipe_hnd, mem_ctx, hive,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&hive_hnd);
if (!(NT_STATUS_IS_OK(status))) {
return status;
@@ -727,7 +727,7 @@ static NTSTATUS rpc_registry_deletekey_internal(struct net_context *c,
}
status = rpccli_winreg_Connect(pipe_hnd, mem_ctx, hive,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&hive_hnd);
if (!(NT_STATUS_IS_OK(status))) {
return status;
@@ -1147,8 +1147,8 @@ static NTSTATUS rpc_registry_getsd_internal(struct net_context *c,
DATA_BLOB blob;
struct security_descriptor sec_desc;
uint32_t access_mask = REG_KEY_READ |
- SEC_RIGHT_MAXIMUM_ALLOWED |
- SEC_RIGHT_SYSTEM_SECURITY;
+ SEC_FLAG_MAXIMUM_ALLOWED |
+ SEC_FLAG_SYSTEM_SECURITY;
if (argc <1 || argc > 2 || c->display_usage) {
d_printf("Usage: net rpc registry getsd <path> <secinfo>\n");
diff --git a/source3/utils/net_rpc_rights.c b/source3/utils/net_rpc_rights.c
index 10166b6d2b..abf70e7ea2 100644
--- a/source3/utils/net_rpc_rights.c
+++ b/source3/utils/net_rpc_rights.c
@@ -34,7 +34,7 @@ static NTSTATUS sid_to_name(struct rpc_pipe_client *pipe_hnd,
char **domains = NULL, **names = NULL;
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
+ SEC_FLAG_MAXIMUM_ALLOWED, &pol);
if ( !NT_STATUS_IS_OK(result) )
return result;
@@ -70,7 +70,7 @@ static NTSTATUS name_to_sid(struct rpc_pipe_client *pipe_hnd,
}
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
+ SEC_FLAG_MAXIMUM_ALLOWED, &pol);
if ( !NT_STATUS_IS_OK(result) )
return result;
@@ -328,7 +328,7 @@ static NTSTATUS rpc_rights_list_internal(struct net_context *c,
uint16 lang_id_desc;
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
+ SEC_FLAG_MAXIMUM_ALLOWED, &pol);
if ( !NT_STATUS_IS_OK(result) )
return result;
@@ -456,7 +456,7 @@ static NTSTATUS rpc_rights_grant_internal(struct net_context *c,
goto done;
result = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
@@ -522,7 +522,7 @@ static NTSTATUS rpc_rights_revoke_internal(struct net_context *c,
return result;
result = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c
index 2915ffb809..8bf9aac6f2 100644
--- a/source3/utils/net_util.c
+++ b/source3/utils/net_util.c
@@ -45,7 +45,7 @@ NTSTATUS net_rpc_lookup_name(struct net_context *c,
}
result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "open_policy failed: %s\n",
diff --git a/source3/utils/netlookup.c b/source3/utils/netlookup.c
index dd0efa4142..af219eb93c 100644
--- a/source3/utils/netlookup.c
+++ b/source3/utils/netlookup.c
@@ -131,7 +131,7 @@ static struct con_struct *create_cs(struct net_context *c,
}
nt_status = rpccli_lsa_open_policy(cs->lsapipe, ctx, true,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&cs->pol);
if (!NT_STATUS_IS_OK(nt_status)) {
diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c
index 78260acf76..1425d428ec 100644
--- a/source3/utils/smbcquotas.c
+++ b/source3/utils/smbcquotas.c
@@ -62,7 +62,7 @@ static bool cli_open_policy_hnd(void)
if (!got_policy_hnd) {
- /* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED,
+ /* Some systems don't support SEC_FLAG_MAXIMUM_ALLOWED,
but NT sends 0x2000000 so we might as well do it too. */
if (!NT_STATUS_IS_OK(rpccli_lsa_open_policy(global_pipe_hnd, talloc_tos(), True,
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 9cf4597595..b59a391029 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1852,7 +1852,7 @@ no_dssetup:
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
+ SEC_FLAG_MAXIMUM_ALLOWED, &pol);
if (NT_STATUS_IS_OK(result)) {
/* This particular query is exactly what Win2k clients use
@@ -1894,7 +1894,7 @@ no_dssetup:
domain->active_directory = False;
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
@@ -2068,7 +2068,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
conn->samr_pipe->desthost,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&conn->sam_connect_handle);
if (NT_STATUS_IS_OK(result)) {
goto open_domain;
@@ -2103,7 +2103,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
conn->samr_pipe->desthost,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&conn->sam_connect_handle);
if (NT_STATUS_IS_OK(result)) {
goto open_domain;
@@ -2125,7 +2125,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
conn->samr_pipe->desthost,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&conn->sam_connect_handle);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("cm_connect_sam: rpccli_samr_Connect2 failed "
@@ -2138,7 +2138,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
result = rpccli_samr_OpenDomain(conn->samr_pipe,
mem_ctx,
&conn->sam_connect_handle,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&domain->sid,
&conn->sam_domain_handle);
@@ -2203,7 +2203,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
domain->name, conn->cli->domain, conn->cli->user_name ));
result = rpccli_lsa_open_policy(conn->lsa_pipe, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&conn->lsa_policy);
if (NT_STATUS_IS_OK(result)) {
goto done;
@@ -2239,7 +2239,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
"schannel.\n", domain->name ));
result = rpccli_lsa_open_policy(conn->lsa_pipe, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&conn->lsa_policy);
if (NT_STATUS_IS_OK(result)) {
goto done;
@@ -2261,7 +2261,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
}
result = rpccli_lsa_open_policy(conn->lsa_pipe, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
&conn->lsa_policy);
done:
if (!NT_STATUS_IS_OK(result)) {
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 5edb0d98b0..50ccbae6b2 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -525,7 +525,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
/* Get user handle */
result = rpccli_samr_OpenUser(cli, mem_ctx,
&dom_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SEC_FLAG_MAXIMUM_ALLOWED,
user_rid,
&user_pol);
@@ -565,7 +565,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct policy_handle dom_pol, user_pol;
- uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ uint32 des_access = SEC_FLAG_MAXIMUM_ALLOWED;
struct samr_RidWithAttributeArray *rid_array = NULL;
unsigned int i;
uint32 user_rid;
@@ -746,7 +746,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 i, total_names = 0;
struct policy_handle dom_pol, group_pol;
- uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ uint32 des_access = SEC_FLAG_MAXIMUM_ALLOWED;
uint32 *rid_mem = NULL;
uint32 group_rid;
unsigned int j, r;
diff --git a/source4/libcli/security/config.mk b/source4/libcli/security/config.mk
index 9d23fe9588..d08c25d66f 100644
--- a/source4/libcli/security/config.mk
+++ b/source4/libcli/security/config.mk
@@ -2,7 +2,6 @@
PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY_COMMON
LIBSECURITY_OBJ_FILES = $(addprefix $(libclisrcdir)/security/, \
- security_token.o security_descriptor.o \
- access_check.o privilege.o sddl.o) \
+ security_token.o access_check.o privilege.o sddl.o) \
$(eval $(call proto_header_template,$(libclisrcdir)/security/proto.h,$(LIBSECURITY_OBJ_FILES:.o=.c)))
diff --git a/source4/libcli/security/security.h b/source4/libcli/security/security.h
index 2608c9f7ed..6dbbe014e7 100644
--- a/source4/libcli/security/security.h
+++ b/source4/libcli/security/security.h
@@ -33,3 +33,4 @@ struct auth_session_info;
#include "libcli/security/secace.h"
#include "libcli/security/secacl.h"
#include "libcli/security/proto.h"
+#include "libcli/security/security_descriptor.h"