From b5c2af94475337b4769dc464a695ee29bc5e87c7 Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Wed, 2 Jun 2010 23:57:09 +0200
Subject: s3-security: use shared "File Object specific access rights".
Guenther
---
 source3/include/rpc_secdes.h | 53 ------------------------------------
 source3/modules/nfs4_acls.c | 2 +-
 source3/rpc_server/srv_eventlog_nt.c | 4 +--
 3 files changed, 3 insertions(+), 56 deletions(-)
(limited to 'source3')
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index f3efe27d7f..97ccc9b0d1 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -51,57 +51,4 @@ struct standard_mapping {
 #define STD_RIGHT_ALL_ACCESS 0x001F0000
-/* File Object specific access rights */
-
-#define SA_RIGHT_FILE_READ_DATA 0x00000001
-#define SA_RIGHT_FILE_WRITE_DATA 0x00000002
-#define SA_RIGHT_FILE_APPEND_DATA 0x00000004
-#define SA_RIGHT_FILE_READ_EA 0x00000008
-#define SA_RIGHT_FILE_WRITE_EA 0x00000010
-#define SA_RIGHT_FILE_EXECUTE 0x00000020
-#define SA_RIGHT_FILE_DELETE_CHILD 0x00000040
-#define SA_RIGHT_FILE_READ_ATTRIBUTES 0x00000080
-#define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x00000100
-
-#define SA_RIGHT_FILE_ALL_ACCESS 0x000001FF
-
-#define GENERIC_RIGHTS_FILE_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_FILE_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_READ_DATA | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_READ_EA)
-
-#define GENERIC_RIGHTS_FILE_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_WRITE_DATA | \
- SA_RIGHT_FILE_WRITE_ATTRIBUTES | \
- SA_RIGHT_FILE_WRITE_EA | \
- SA_RIGHT_FILE_APPEND_DATA)
-
-#define GENERIC_RIGHTS_FILE_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_EXECUTE)
-
-#define GENERIC_RIGHTS_FILE_MODIFY \
- (STANDARD_RIGHTS_MODIFY_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- STD_RIGHT_DELETE_ACCESS | \
- SA_RIGHT_FILE_WRITE_ATTRIBUTES | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_EXECUTE | \
- SA_RIGHT_FILE_WRITE_EA | \
- SA_RIGHT_FILE_READ_EA | \
- SA_RIGHT_FILE_APPEND_DATA | \
- SA_RIGHT_FILE_WRITE_DATA | \
- SA_RIGHT_FILE_READ_DATA)
-
 #endif /* _RPC_SECDES_H */
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index a6b9c6ed01..3d4ab29510 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -553,7 +553,7 @@ static bool smbacl4_fill_ace4(
 ace_v4->aceType = ace_nt->type; /* only ACCESS|DENY supported right now */
 ace_v4->aceFlags = ace_nt->flags & SEC_ACE_FLAG_VALID_INHERIT;
 ace_v4->aceMask = ace_nt->access_mask &
- (STD_RIGHT_ALL_ACCESS | SA_RIGHT_FILE_ALL_ACCESS);
+ (STD_RIGHT_ALL_ACCESS | SEC_FILE_ALL);
 se_map_generic(&ace_v4->aceMask, &file_generic_mapping);
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c
index 99185ef552..2d4c597358 100644
--- a/source3/rpc_server/srv_eventlog_nt.c
+++ b/source3/rpc_server/srv_eventlog_nt.c
@@ -129,7 +129,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
 /* we have to have READ permission for a successful open */
- return ( info->access_granted & SA_RIGHT_FILE_READ_DATA );
+ return ( info->access_granted & SEC_FILE_READ_DATA );
 }
 /********************************************************************
@@ -439,7 +439,7 @@ NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p,
 /* check for WRITE access to the file */
- if ( !(info->access_granted&SA_RIGHT_FILE_WRITE_DATA) )
+ if ( !(info->access_granted & SEC_FILE_WRITE_DATA) )
 return NT_STATUS_ACCESS_DENIED;
 /* Force a close and reopen */
-- cgit
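Review bot: In smbacl4_fill_ace4 the access mask is narrowed to `STD_RIGHT_ALL_ACCESS | SEC_FILE_ALL` before `se_map_generic()` is called, so any generic-rights bits in `ace_nt->access_mask` are already cleared by the time the mapping runs. If SEC_FILE_ALL keeps the 0x000001FF value of the macro it replaces, the generic bits fall outside both masks and the mapping call has nothing left to expand; for a DENY ACE that would mean the denied rights are silently dropped instead of translated. Unless callers are known to pass only already-mapped masks (not visible here), map first and mask afterwards: `uint32_t mask = ace_nt->access_mask;`, `se_map_generic(&mask, &file_generic_mapping);`, `ace_v4->aceMask = mask & (STD_RIGHT_ALL_ACCESS | SEC_FILE_ALL);`. The function body starts and ends outside the hunk.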
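Review bot: elog_check_access hands the masked integer straight to its `bool` return type; `return ( info->access_granted & SEC_FILE_READ_DATA ) != 0;` states the intent and does not depend on how `bool` is defined in this tree or on which bit the flag occupies. The definitions of SEC_FILE_READ_DATA and of SEC_FILE_WRITE_DATA (used in the _eventlog_ClearEventLogW hunk) are not part of this diff, so it is worth confirming they carry the same bits as the removed 0x00000001 and 0x00000002, because these two comparisons are the access decisions for opening and clearing a log. The function starts outside the hunk.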
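Review bot: The WRITE check in _eventlog_ClearEventLogW is an unbraced `if` with `return NT_STATUS_ACCESS_DENIED;` on the following line; since the condition is being touched anyway, brace it so a later insertion cannot separate the denial from its condition: `if ( !(info->access_granted & SEC_FILE_WRITE_DATA) ) {` ... `}`. A one-line comment saying that eventlog handles reuse the file-object access bits would also make the choice of SEC_FILE_* constants here self-explanatory. The function body starts and ends outside the hunk.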