From 66993ab03aeaf2590d5387f9d0ef95e92b6f82a8 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Thu, 23 Oct 2008 19:53:11 +0200
Subject: s3-samr: remove duplicate copies of Alias Object specific access
 rights.

Guenther
---
 source3/include/rpc_secdes.h     | 28 ----------------------------
 source3/librpc/gen_ndr/samr.h    |  5 +++++
 source3/rpc_server/srv_samr_nt.c | 10 +++++-----
 3 files changed, 10 insertions(+), 33 deletions(-)

(limited to 'source3')

diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 41ca323251..15adebe29d 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -214,34 +214,6 @@ struct standard_mapping {
 		SA_RIGHT_FILE_WRITE_DATA	| \
 		SA_RIGHT_FILE_READ_DATA)
 
-/* Alias Object specific access rights */
-
-#define SA_RIGHT_ALIAS_ADD_MEMBER	0x00000001
-#define SA_RIGHT_ALIAS_REMOVE_MEMBER	0x00000002
-#define SA_RIGHT_ALIAS_GET_MEMBERS	0x00000004
-#define SA_RIGHT_ALIAS_LOOKUP_INFO	0x00000008
-#define SA_RIGHT_ALIAS_SET_INFO		0x00000010
-
-#define SA_RIGHT_ALIAS_ALL_ACCESS 	0x0000001F
-
-#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS \
-		(STANDARD_RIGHTS_REQUIRED_ACCESS| \
-		SA_RIGHT_ALIAS_ALL_ACCESS)	/* 0x000f001f */
-
-#define GENERIC_RIGHTS_ALIAS_READ \
-		(STANDARD_RIGHTS_READ_ACCESS	| \
-		SA_RIGHT_ALIAS_GET_MEMBERS )	/* 0x00020004 */
-
-#define GENERIC_RIGHTS_ALIAS_WRITE \
-		(STANDARD_RIGHTS_WRITE_ACCESS	| \
-		SA_RIGHT_ALIAS_REMOVE_MEMBER	| \
-		SA_RIGHT_ALIAS_ADD_MEMBER	| \
-		SA_RIGHT_ALIAS_SET_INFO )	/* 0x00020013 */
-
-#define GENERIC_RIGHTS_ALIAS_EXECUTE \
-		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
-		SA_RIGHT_ALIAS_LOOKUP_INFO )	/* 0x00020008 */
-
 /*
  * Access Bits for registry ACLS
  */
diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h
index 79c7b6a27c..e5d009e0d9 100644
--- a/source3/librpc/gen_ndr/samr.h
+++ b/source3/librpc/gen_ndr/samr.h
@@ -28,6 +28,11 @@
 #define GENERIC_RIGHTS_GROUP_READ	( (STANDARD_RIGHTS_READ_ACCESS|SAMR_GROUP_ACCESS_GET_MEMBERS) )
 #define GENERIC_RIGHTS_GROUP_WRITE	( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_GROUP_ACCESS_REMOVE_MEMBER|SAMR_GROUP_ACCESS_ADD_MEMBER|SAMR_GROUP_ACCESS_SET_INFO) )
 #define GENERIC_RIGHTS_GROUP_EXECUTE	( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_GROUP_ACCESS_LOOKUP_INFO) )
+#define SAMR_ALIAS_ACCESS_ALL_ACCESS	( 0x0000001F )
+#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS	( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_ALIAS_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_ALIAS_READ	( (STANDARD_RIGHTS_READ_ACCESS|SAMR_ALIAS_ACCESS_GET_MEMBERS) )
+#define GENERIC_RIGHTS_ALIAS_WRITE	( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_ALIAS_ACCESS_REMOVE_MEMBER|SAMR_ALIAS_ACCESS_ADD_MEMBER|SAMR_ALIAS_ACCESS_SET_INFO) )
+#define GENERIC_RIGHTS_ALIAS_EXECUTE	( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ALIAS_ACCESS_LOOKUP_INFO) )
 #define MAX_SAM_ENTRIES_W2K	( 0x400 )
 #define MAX_SAM_ENTRIES_W95	( 50 )
 #define SAMR_ENUM_USERS_MULTIPLIER	( 54 )
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 6bd58b8ab1..c573173900 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1737,7 +1737,7 @@ NTSTATUS _samr_QueryAliasInfo(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 
 	status = access_check_samr_function(acc_granted,
-					    SA_RIGHT_ALIAS_LOOKUP_INFO,
+					    SAMR_ALIAS_ACCESS_LOOKUP_INFO,
 					    "_samr_QueryAliasInfo");
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -4412,7 +4412,7 @@ NTSTATUS _samr_GetMembersInAlias(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 
 	status = access_check_samr_function(acc_granted,
-					    SA_RIGHT_ALIAS_GET_MEMBERS,
+					    SAMR_ALIAS_ACCESS_GET_MEMBERS,
 					    "_samr_GetMembersInAlias");
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -4544,7 +4544,7 @@ NTSTATUS _samr_AddAliasMember(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 
 	status = access_check_samr_function(acc_granted,
-					    SA_RIGHT_ALIAS_ADD_MEMBER,
+					    SAMR_ALIAS_ACCESS_ADD_MEMBER,
 					    "_samr_AddAliasMember");
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -4593,7 +4593,7 @@ NTSTATUS _samr_DeleteAliasMember(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 
 	status = access_check_samr_function(acc_granted,
-					    SA_RIGHT_ALIAS_REMOVE_MEMBER,
+					    SAMR_ALIAS_ACCESS_REMOVE_MEMBER,
 					    "_samr_DeleteAliasMember");
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -5330,7 +5330,7 @@ NTSTATUS _samr_SetAliasInfo(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 
 	status = access_check_samr_function(acc_granted,
-					    SA_RIGHT_ALIAS_SET_INFO,
+					    SAMR_ALIAS_ACCESS_SET_INFO,
 					    "_samr_SetAliasInfo");
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
-- 
cgit