From 69d925d110a23e9f1cf9e6013729eb611b8ab58a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 27 Aug 2012 14:15:35 -0700 Subject: SEC_RIGHTS_DIR_PRIV_BACKUP and SEC_RIGHTS_DIR_PRIV_RESTORE aren't used anywhere. Remove (can re-add if needed). Ensure the privilege rights are always specific rights, not generic. By the time the privilege rights are examined, we've already mapped from generic to specific in the access_mask. --- librpc/idl/security.idl | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'librpc') diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 5973fc5298..33085c4e14 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -147,19 +147,18 @@ interface security const int SEC_RIGHTS_DIR_ALL = SEC_RIGHTS_FILE_ALL; /* rights granted by some specific privileges */ - const int SEC_RIGHTS_PRIV_BACKUP = SEC_STD_READ_CONTROL | + const int SEC_RIGHTS_PRIV_BACKUP = SEC_STD_READ_CONTROL | SEC_FLAG_SYSTEM_SECURITY | - SEC_GENERIC_READ; - const int SEC_RIGHTS_DIR_PRIV_BACKUP = SEC_RIGHTS_PRIV_BACKUP - | SEC_DIR_TRAVERSE; + SEC_RIGHTS_FILE_READ | + SEC_DIR_TRAVERSE; - const int SEC_RIGHTS_PRIV_RESTORE = SEC_STD_WRITE_DAC | + const int SEC_RIGHTS_PRIV_RESTORE = SEC_STD_WRITE_DAC | SEC_STD_WRITE_OWNER | SEC_FLAG_SYSTEM_SECURITY | - SEC_STD_DELETE; - const int SEC_RIGHTS_DIR_PRIV_RESTORE = SEC_RIGHTS_PRIV_RESTORE | + SEC_RIGHTS_FILE_WRITE | SEC_DIR_ADD_FILE | - SEC_DIR_ADD_SUBDIR; + SEC_DIR_ADD_SUBDIR | + SEC_STD_DELETE; /* combinations of standard masks. */ const int STANDARD_RIGHTS_ALL_ACCESS = SEC_STD_ALL; /* 0x001f0000 */ -- cgit