From b6a2cea74d90499bd3e239ab696502ae8afed30e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 3 Jun 2010 10:36:05 +0200 Subject: s3-security: use shared "Standard access rights.". Guenther --- source3/rpc_server/srv_lsa_nt.c | 4 ++-- source3/rpc_server/srv_samr_nt.c | 16 ++++++++-------- source3/rpc_server/srv_svcctl_nt.c | 6 +++--- source3/rpc_server/srv_winreg_nt.c | 4 ++-- 4 files changed, 15 insertions(+), 15 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 7e00e7aa33..fffb912782 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1414,7 +1414,7 @@ NTSTATUS _lsa_DeleteObject(pipes_struct *p, return NT_STATUS_INVALID_HANDLE; } - if (!(info->access & STD_RIGHT_DELETE_ACCESS)) { + if (!(info->access & SEC_STD_DELETE)) { return NT_STATUS_ACCESS_DENIED; } @@ -2261,7 +2261,7 @@ NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p, status = access_check_object(psd, p->server_info->ptok, NULL, 0, LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS| - LSA_ACCOUNT_VIEW|STD_RIGHT_DELETE_ACCESS, + LSA_ACCOUNT_VIEW|SEC_STD_DELETE, &acc_granted, "_lsa_RemoveAccountRights"); if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 30c5c5e839..fda8515e12 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -779,7 +779,7 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p, size_t sd_size = 0; cinfo = policy_handle_find(p, r->in.handle, - STD_RIGHT_READ_CONTROL_ACCESS, NULL, + SEC_STD_READ_CONTROL, NULL, struct samr_connect_info, &status); if (NT_STATUS_IS_OK(status)) { DEBUG(5,("_samr_QuerySecurity: querying security on SAM\n")); @@ -789,7 +789,7 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p, } dinfo = policy_handle_find(p, r->in.handle, - STD_RIGHT_READ_CONTROL_ACCESS, NULL, + SEC_STD_READ_CONTROL, NULL, struct samr_domain_info, &status); if (NT_STATUS_IS_OK(status)) { DEBUG(5,("_samr_QuerySecurity: querying security on Domain " @@ -804,7 +804,7 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p, } uinfo = policy_handle_find(p, r->in.handle, - STD_RIGHT_READ_CONTROL_ACCESS, NULL, + SEC_STD_READ_CONTROL, NULL, struct samr_user_info, &status); if (NT_STATUS_IS_OK(status)) { DEBUG(10,("_samr_QuerySecurity: querying security on user " @@ -825,7 +825,7 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p, } ginfo = policy_handle_find(p, r->in.handle, - STD_RIGHT_READ_CONTROL_ACCESS, NULL, + SEC_STD_READ_CONTROL, NULL, struct samr_group_info, &status); if (NT_STATUS_IS_OK(status)) { /* @@ -843,7 +843,7 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p, } ainfo = policy_handle_find(p, r->in.handle, - STD_RIGHT_READ_CONTROL_ACCESS, NULL, + SEC_STD_READ_CONTROL, NULL, struct samr_alias_info, &status); if (NT_STATUS_IS_OK(status)) { /* @@ -5699,7 +5699,7 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p, DEBUG(5, ("_samr_DeleteUser: %d\n", __LINE__)); uinfo = policy_handle_find(p, r->in.user_handle, - STD_RIGHT_DELETE_ACCESS, NULL, + SEC_STD_DELETE, NULL, struct samr_user_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; @@ -5767,7 +5767,7 @@ NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p, DEBUG(5, ("samr_DeleteDomainGroup: %d\n", __LINE__)); ginfo = policy_handle_find(p, r->in.group_handle, - STD_RIGHT_DELETE_ACCESS, NULL, + SEC_STD_DELETE, NULL, struct samr_group_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; @@ -5817,7 +5817,7 @@ NTSTATUS _samr_DeleteDomAlias(pipes_struct *p, DEBUG(5, ("_samr_DeleteDomAlias: %d\n", __LINE__)); ainfo = policy_handle_find(p, r->in.alias_handle, - STD_RIGHT_DELETE_ACCESS, NULL, + SEC_STD_DELETE, NULL, struct samr_alias_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 02b3c8d833..5dc62ef29b 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -869,7 +869,7 @@ WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p, /* check access reights (according to MSDN) */ - if ( !(info->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) ) + if ( !(info->access_granted & SEC_STD_READ_CONTROL) ) return WERR_ACCESS_DENIED; /* TODO: handle something besides SECINFO_DACL */ @@ -923,12 +923,12 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p, switch ( r->in.security_flags ) { case SECINFO_DACL: - required_access = STD_RIGHT_WRITE_DAC_ACCESS; + required_access = SEC_STD_WRITE_DAC; break; case SECINFO_OWNER: case SECINFO_GROUP: - required_access = STD_RIGHT_WRITE_OWNER_ACCESS; + required_access = SEC_STD_WRITE_OWNER; break; case SECINFO_SACL: diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c index 10ea8fef22..28d5ac9237 100644 --- a/source3/rpc_server/srv_winreg_nt.c +++ b/source3/rpc_server/srv_winreg_nt.c @@ -851,7 +851,7 @@ WERROR _winreg_GetKeySecurity(pipes_struct *p, struct winreg_GetKeySecurity *r) /* access checks first */ - if ( !(key->key->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) ) + if ( !(key->key->access_granted & SEC_STD_READ_CONTROL) ) return WERR_ACCESS_DENIED; err = reg_getkeysecurity(p->mem_ctx, key, &secdesc); @@ -892,7 +892,7 @@ WERROR _winreg_SetKeySecurity(pipes_struct *p, struct winreg_SetKeySecurity *r) /* access checks first */ - if ( !(key->key->access_granted & STD_RIGHT_WRITE_DAC_ACCESS) ) + if ( !(key->key->access_granted & SEC_STD_WRITE_DAC) ) return WERR_ACCESS_DENIED; err = ntstatus_to_werror(unmarshall_sec_desc(p->mem_ctx, r->in.sd->data, -- cgit