Diffstat (limited to 'source4/ntvfs')
-rw-r--r--source4/ntvfs/common/opendb.c29
-rw-r--r--source4/ntvfs/ntvfs_generic.c31
-rw-r--r--source4/ntvfs/posix/pvfs_acl.c80
-rw-r--r--source4/ntvfs/posix/pvfs_open.c24
-rw-r--r--source4/ntvfs/posix/pvfs_read.c5
-rw-r--r--source4/ntvfs/posix/pvfs_setfileinfo.c5
-rw-r--r--source4/ntvfs/posix/pvfs_write.c3
7 files changed, 94 insertions, 83 deletions
diff --git a/source4/ntvfs/common/opendb.c b/source4/ntvfs/common/opendb.c
index 99c013fc84..8947a5d255 100644
--- a/source4/ntvfs/common/opendb.c
+++ b/source4/ntvfs/common/opendb.c
@@ -40,6 +40,7 @@
#include "includes.h"
#include "messages.h"
+#include "librpc/gen_ndr/ndr_security.h"
struct odb_context {
struct tdb_wrap *w;
@@ -157,14 +158,18 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2)
/* if either open involves no read.write or delete access then
it can't conflict */
- if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_APPEND |
- SA_RIGHT_FILE_READ_EXEC |
- STD_RIGHT_DELETE_ACCESS))) {
+ if (!(e1->access_mask & (SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_EXECUTE |
+ SEC_STD_DELETE))) {
return False;
}
- if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_APPEND |
- SA_RIGHT_FILE_READ_EXEC |
- STD_RIGHT_DELETE_ACCESS))) {
+ if (!(e2->access_mask & (SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_EXECUTE |
+ SEC_STD_DELETE))) {
return False;
}
@@ -176,24 +181,24 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2)
}
CHECK_MASK(e1->access_mask, e2->share_access,
- SA_RIGHT_FILE_WRITE_APPEND,
+ SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(e2->access_mask, e1->share_access,
- SA_RIGHT_FILE_WRITE_APPEND,
+ SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(e1->access_mask, e2->share_access,
- SA_RIGHT_FILE_READ_EXEC,
+ SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(e2->access_mask, e1->share_access,
- SA_RIGHT_FILE_READ_EXEC,
+ SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(e1->access_mask, e2->share_access,
- STD_RIGHT_DELETE_ACCESS,
+ SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
CHECK_MASK(e2->access_mask, e1->share_access,
- STD_RIGHT_DELETE_ACCESS,
+ SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
/* if a delete is pending then a second open is not allowed */
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c
index a9bc8120c8..49de8944ff 100644
--- a/source4/ntvfs/ntvfs_generic.c
+++ b/source4/ntvfs/ntvfs_generic.c
@@ -33,6 +33,7 @@
#include "includes.h"
#include "smb_server/smb_server.h"
+#include "librpc/gen_ndr/ndr_security.h"
/* a second stage function converts from the out parameters of the generic
call onto the out parameters of the specific call made */
@@ -178,7 +179,7 @@ static NTSTATUS ntvfs_map_open_finish(struct smbsrv_request *req,
io->openx.out.devstate = 0;
io->openx.out.action = io2->generic.out.create_action;
io->openx.out.unique_fid = 0;
- io->openx.out.access_mask = STANDARD_RIGHTS_ALL_ACCESS;
+ io->openx.out.access_mask = SEC_STD_ALL;
io->openx.out.unknown = 0;
/* we need to extend the file to the requested size if
@@ -280,17 +281,19 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
switch (io->openx.in.open_mode & OPENX_MODE_ACCESS_MASK) {
case OPENX_MODE_ACCESS_READ:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_READ;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ;
io->openx.out.access = OPENX_MODE_ACCESS_READ;
break;
case OPENX_MODE_ACCESS_WRITE:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_WRITE;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_WRITE;
io->openx.out.access = OPENX_MODE_ACCESS_WRITE;
break;
case OPENX_MODE_ACCESS_RDWR:
case OPENX_MODE_ACCESS_FCB:
case OPENX_MODE_ACCESS_EXEC:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_WRITE | GENERIC_RIGHTS_FILE_READ;
+ io2->generic.in.access_mask =
+ SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io->openx.out.access = OPENX_MODE_ACCESS_RDWR;
break;
default:
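Review bot: The `OPENX_MODE_ACCESS_EXEC` case shares a branch with `OPENX_MODE_ACCESS_RDWR` and `OPENX_MODE_ACCESS_FCB`, so an execute-mode open asks the backend for `SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE` and reports `OPENX_MODE_ACCESS_RDWR` back to the client. That requests more access than an execute open needs, and it will presumably fail on files the caller may read but not write. If the grouping is deliberate, say so with a comment above the case labels, e.g. `/* EXEC is mapped to read+write because <reason> */`; otherwise give EXEC its own case with `io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ;`. ntvfs_map_open starts and ends outside this hunk.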
@@ -381,17 +384,17 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
io2->generic.in.open_disposition = NTCREATEX_DISP_OPEN;
switch (io->openold.in.flags & OPEN_FLAGS_MODE_MASK) {
case OPEN_FLAGS_OPEN_READ:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_READ;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ;
io->openold.out.rmode = DOS_OPEN_RDONLY;
break;
case OPEN_FLAGS_OPEN_WRITE:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_WRITE;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_WRITE;
io->openold.out.rmode = DOS_OPEN_WRONLY;
break;
case OPEN_FLAGS_OPEN_RDWR:
case 0xf: /* FCB mode */
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io->openold.out.rmode = DOS_OPEN_RDWR; /* assume we got r/w */
break;
default:
@@ -463,8 +466,8 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
io2->generic.in.fname = io->mknew.in.fname;
io2->generic.in.open_disposition = NTCREATEX_DISP_CREATE;
io2->generic.in.access_mask =
- GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io2->generic.in.share_access =
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
@@ -476,8 +479,8 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
io2->generic.in.fname = io->mknew.in.fname;
io2->generic.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
io2->generic.in.access_mask =
- GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io2->generic.in.share_access =
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
@@ -493,8 +496,8 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
generate_random_str_list(io2, 5, "0123456789"));
io2->generic.in.open_disposition = NTCREATEX_DISP_CREATE;
io2->generic.in.access_mask =
- GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io2->generic.in.share_access =
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 2ff873fd78..2fff6db628 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -71,7 +71,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
- Group
- Everyone
*/
- access_masks[0] = SEC_RIGHTS_FULL_CTRL | STD_RIGHT_ALL_ACCESS;
+ access_masks[0] = SEC_RIGHTS_FULL_CONTROL;
access_masks[1] = 0;
access_masks[2] = 0;
access_masks[3] = 0;
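Review bot: `access_masks[0]` was `SEC_RIGHTS_FULL_CTRL | STD_RIGHT_ALL_ACCESS` and is now `SEC_RIGHTS_FULL_CONTROL` alone, which is the one place in this file where the commit drops a term instead of renaming it. The definition of `SEC_RIGHTS_FULL_CONTROL` is not part of this diff, so it is worth confirming that it already contains the standard rights the old expression ORed in; if it does not, the first default ACE silently loses them. A one-line comment such as `/* SEC_RIGHTS_FULL_CONTROL already includes all standard rights */` would record the assumption. pvfs_default_acl continues outside the hunk.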
@@ -80,54 +80,54 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
if (mode & S_IRUSR) {
access_masks[1] |=
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_READ_EA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_EXECUTE |
- STD_RIGHT_SYNCHRONIZE_ACCESS |
- STD_RIGHT_READ_CONTROL_ACCESS;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_EA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_EXECUTE |
+ SEC_STD_SYNCHRONIZE |
+ SEC_STD_READ_CONTROL;
}
if (mode & S_IWUSR) {
access_masks[1] |=
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_APPEND_DATA |
- SA_RIGHT_FILE_WRITE_EA |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES |
- STD_RIGHT_DELETE_ACCESS;
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_STD_DELETE;
}
if (mode & S_IRGRP) {
access_masks[2] |=
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_READ_EA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_EXECUTE |
- STD_RIGHT_SYNCHRONIZE_ACCESS |
- STD_RIGHT_READ_CONTROL_ACCESS;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_EA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_EXECUTE |
+ SEC_STD_SYNCHRONIZE |
+ SEC_STD_READ_CONTROL;
}
if (mode & S_IWGRP) {
access_masks[2] |=
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_APPEND_DATA |
- SA_RIGHT_FILE_WRITE_EA |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES;
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE;
}
if (mode & S_IROTH) {
access_masks[3] |=
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_READ_EA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_EXECUTE |
- STD_RIGHT_SYNCHRONIZE_ACCESS |
- STD_RIGHT_READ_CONTROL_ACCESS;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_EA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_EXECUTE |
+ SEC_STD_SYNCHRONIZE |
+ SEC_STD_READ_CONTROL;
}
if (mode & S_IWOTH) {
access_masks[3] |=
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_APPEND_DATA |
- SA_RIGHT_FILE_WRITE_EA |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES;
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE;
}
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
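Review bot: Each read bit (`S_IRUSR`, `S_IRGRP`, `S_IROTH`) grants `SEC_FILE_EXECUTE`, and no `S_IX*` bit is tested in the lines shown, so a file that is readable but not executable on the POSIX side gets a default ACE that allows execute. Consider gating it on the matching bit, e.g. `if (mode & S_IXUSR) { access_masks[1] |= SEC_FILE_EXECUTE; }` and likewise for group and other, or add a comment explaining why read implies execute here. Separately, `S_IWUSR` adds `SEC_STD_DELETE` while `S_IWGRP` and `S_IWOTH` do not; if that asymmetry is intended it deserves a comment too.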
@@ -163,16 +163,16 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
*/
static void normalise_sd_flags(struct security_descriptor *sd, uint32_t secinfo_flags)
{
- if (!(secinfo_flags & OWNER_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_OWNER)) {
sd->owner_sid = NULL;
}
- if (!(secinfo_flags & GROUP_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_GROUP)) {
sd->group_sid = NULL;
}
- if (!(secinfo_flags & DACL_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_DACL)) {
sd->dacl = NULL;
}
- if (!(secinfo_flags & SACL_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_SACL)) {
sd->sacl = NULL;
}
}
@@ -214,16 +214,16 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs,
new_sd = info->set_secdesc.in.sd;
/* only set the elements that have been specified */
- if (secinfo_flags & OWNER_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_OWNER) {
sd->owner_sid = new_sd->owner_sid;
}
- if (secinfo_flags & GROUP_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_GROUP) {
sd->group_sid = new_sd->group_sid;
}
- if (secinfo_flags & DACL_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_DACL) {
sd->dacl = new_sd->dacl;
}
- if (secinfo_flags & SACL_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_SACL) {
sd->sacl = new_sd->sacl;
}
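Review bot: Nothing in the visible lines of pvfs_acl_set checks that the caller's handle carries the right needed for each element before `owner_sid`, `group_sid`, `dacl` and `sacl` are copied from the client-supplied descriptor. The function begins and ends outside this hunk, so the check may exist elsewhere; if it does not, replacing the owner or the SACL should be gated on the handle's access mask and not on `secinfo_flags` alone. At minimum, a comment above this block should state where the authorisation is enforced, e.g. `/* right to change each element is checked in <function> */`.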
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 3d0e444d29..4b8de28488 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -380,11 +380,11 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
return NT_STATUS_CANNOT_DELETE;
}
- if (access_mask & SEC_RIGHT_MAXIMUM_ALLOWED) {
- access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
+ if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+ access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
}
- if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
flags = O_RDWR;
} else {
flags = O_RDONLY;
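Review bot: `access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;` overwrites the mask, so any other bit the client requested together with `SEC_FLAG_MAXIMUM_ALLOWED` is discarded. The same pattern is in the pvfs_open hunk at `@@ -862,17 +862,17 @@`. There, the delete-on-close test `!(access_mask & SEC_STD_DELETE)` that follows would reject a request that did ask for delete, unless `SEC_RIGHTS_FILE_WRITE` happens to include that bit (its definition is not shown). In pvfs_open the substituted mask also depends only on `FILE_ATTRIBUTE_READONLY`, not on the file's ACL. Consider clearing the flag and OR-ing the rights instead: `access_mask &= ~SEC_FLAG_MAXIMUM_ALLOWED;` then `access_mask |= SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;`. Both functions extend outside their hunks.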
@@ -460,7 +460,7 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
union smb_setfileinfo set;
set.set_secdesc.file.fnum = fnum;
- set.set_secdesc.in.secinfo_flags = DACL_SECURITY_INFORMATION;
+ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
set.set_secdesc.in.sd = io->ntcreatex.in.sec_desc;
status = pvfs_acl_set(pvfs, req, name, fd, &set);
@@ -676,7 +676,7 @@ static NTSTATUS pvfs_open_deny_dos(struct ntvfs_module_context *ntvfs,
(f2->handle->create_options &
(NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
- (f2->access_mask & SA_RIGHT_FILE_WRITE_DATA) &&
+ (f2->access_mask & SEC_FILE_WRITE_DATA) &&
StrCaseCmp(f2->handle->name->original_name,
io->generic.in.fname)==0) {
break;
@@ -862,17 +862,17 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
share_access = io->generic.in.share_access;
access_mask = io->generic.in.access_mask;
- if (access_mask & SEC_RIGHT_MAXIMUM_ALLOWED) {
+ if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
if (name->exists && (name->dos.attrib & FILE_ATTRIBUTE_READONLY)) {
- access_mask = GENERIC_RIGHTS_FILE_READ;
+ access_mask = SEC_RIGHTS_FILE_READ;
} else {
- access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
+ access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
}
}
/* certain create options are not allowed */
if ((create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) &&
- !(access_mask & STD_RIGHT_DELETE_ACCESS)) {
+ !(access_mask & SEC_STD_DELETE)) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -914,7 +914,7 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
return NT_STATUS_INVALID_PARAMETER;
}
- if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
flags |= O_RDWR;
} else {
flags |= O_RDONLY;
@@ -1240,7 +1240,7 @@ NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
NTCREATEX_SHARE_ACCESS_WRITE |
NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_OPTIONS_DELETE_ON_CLOSE,
- STD_RIGHT_DELETE_ACCESS);
+ SEC_STD_DELETE);
return status;
}
@@ -1263,7 +1263,7 @@ NTSTATUS pvfs_can_rename(struct pvfs_state *pvfs, struct pvfs_filename *name)
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE,
0,
- STD_RIGHT_DELETE_ACCESS);
+ SEC_STD_DELETE);
return status;
}
diff --git a/source4/ntvfs/posix/pvfs_read.c b/source4/ntvfs/posix/pvfs_read.c
index 793a97ba62..db597d7097 100644
--- a/source4/ntvfs/posix/pvfs_read.c
+++ b/source4/ntvfs/posix/pvfs_read.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "vfs_posix.h"
#include "system/filesys.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
read from a file
@@ -50,9 +51,9 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
- mask = SA_RIGHT_FILE_READ_DATA;
+ mask = SEC_FILE_READ_DATA;
if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) {
- mask |= SA_RIGHT_FILE_EXECUTE;
+ mask |= SEC_FILE_EXECUTE;
}
if (!(f->access_mask & mask)) {
return NT_STATUS_ACCESS_DENIED;
diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c
index 5a758a6b70..c43ef5c40a 100644
--- a/source4/ntvfs/posix/pvfs_setfileinfo.c
+++ b/source4/ntvfs/posix/pvfs_setfileinfo.c
@@ -258,7 +258,7 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs,
case RAW_SFILEINFO_DISPOSITION_INFO:
case RAW_SFILEINFO_DISPOSITION_INFORMATION:
- if (!(f->access_mask & STD_RIGHT_DELETE_ACCESS)) {
+ if (!(f->access_mask & SEC_STD_DELETE)) {
return NT_STATUS_ACCESS_DENIED;
}
create_options = h->create_options;
@@ -322,7 +322,8 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs,
}
} else {
int ret;
- if (f->access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (f->access_mask &
+ (SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA)) {
ret = ftruncate(h->fd, newstats.st.st_size);
} else {
ret = truncate(h->name->full_name, newstats.st.st_size);
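Review bot: The `else` branch calls `truncate(h->name->full_name, ...)` when the handle has neither `SEC_FILE_WRITE_DATA` nor `SEC_FILE_APPEND_DATA`, so the size change is done by path for a handle that was not granted write access. Unless an earlier check in pvfs_setfileinfo (outside this hunk) already rejects that case, the handle's `access_mask` is not what gates the truncation. A path-based call can also land on a different file if the name was replaced after the open. It would be safer to return `NT_STATUS_ACCESS_DENIED` in this branch, or to document why it is allowed with a comment such as `/* size change permitted without write access because <reason> */`.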
diff --git a/source4/ntvfs/posix/pvfs_write.c b/source4/ntvfs/posix/pvfs_write.c
index 3f6e8d908a..025ea3f3eb 100644
--- a/source4/ntvfs/posix/pvfs_write.c
+++ b/source4/ntvfs/posix/pvfs_write.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "vfs_posix.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
@@ -48,7 +49,7 @@ NTSTATUS pvfs_write(struct ntvfs_module_context *ntvfs,
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
- if (!(f->access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
+ if (!(f->access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA))) {
return NT_STATUS_ACCESS_VIOLATION;
}
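Review bot: The check passes when the handle holds only `SEC_FILE_APPEND_DATA`, and nothing in the visible lines limits such a handle to writing at end of file. pvfs_write continues outside the hunk, so the offset may be validated later; if it is not, an append-only open can overwrite existing data. Separately, this path returns `NT_STATUS_ACCESS_VIOLATION` while the equivalent check in pvfs_read returns `NT_STATUS_ACCESS_DENIED`. Either align the two or add a comment such as `/* ACCESS_VIOLATION here because <reason> */`.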