#define SEC_RIGHTS_FULL_CONTROL 0x000f003f
#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
-
#define SEC_ACE_TYPE_ACCESS_ALLOWED 0x0
#define SEC_ACE_TYPE_ACCESS_DENIED 0x1
#define SEC_ACE_TYPE_SYSTEM_AUDIT 0x2
#define MAX_SEC_ACES 16
+#define ACL_REVISION 0x3
+
/* SEC_ACL */
typedef struct security_acl_info
{
- uint16 revision; /* 0x0002 */
+ uint16 revision; /* 0x0003 */
uint16 size; /* size in bytes of the entire ACL structure */
uint32 num_aces; /* number of Access Control Entries */
} SEC_ACL;
+#define SEC_DESC_REVISION 0x1
/* SEC_DESC */
typedef struct security_descriptor_info
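Review bot: The new `ACL_REVISION` macro is the only constant in this header without the `SEC_` prefix used by its neighbours (`SEC_ACE_TYPE_*`, `MAX_SEC_ACES`, `SEC_DESC_REVISION`), and it reuses the name of a Windows SDK constant whose value is 2, not 3. Anyone checking this code against Windows documentation could take the wrong value for granted. Consider a name such as `SEC_ACL_REVISION`, plus a comment on the define saying which revision this is and why 3 is written, e.g. `/* ACL revision placed in every SEC_ACL built by make_sec_acl() callers */`. The `/* 0x0003 */` comment on the `revision` field could then refer to the macro instead of repeating the literal.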
static SEC_DESC_BUF *construct_default_printer_sdb(void)
{
extern DOM_SID global_sid_World;
- SEC_ACE ace;
+ SEC_ACE ace[2];
SEC_ACCESS sa;
SEC_ACL *psa = NULL;
SEC_DESC_BUF *sdb = NULL;
SEC_DESC *psd = NULL;
size_t sd_size;
- init_sec_access(&sa,PRINTER_ALL_ACCESS);
- init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
+ init_sec_access(&sa,PRINTER_MANAGE_DOCUMENTS);
+ init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ sa, SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY);
+ init_sec_ace(&ace[1], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
- if ((psa = make_sec_acl( 3, 1, &ace)) != NULL) {
- psd = make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
- &global_sid_World, &global_sid_World,
- NULL, psa, &sd_size);
+ if ((psa = make_sec_acl( ACL_REVISION, 2, &ace)) != NULL) {
+ psd = make_sec_desc(SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
+ &global_sid_World, &global_sid_World, NULL, psa, &sd_size);
free_sec_acl(&psa);
}
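Review bot: In `make_sec_acl( ACL_REVISION, 2, &ace)`, `&ace` is now a pointer to the whole array (`SEC_ACE (*)[2]`) because `ace` became `SEC_ACE ace[2]`. Pass the array itself: `if ((psa = make_sec_acl(ACL_REVISION, 2, ace)) != NULL) {`. The prototype is not visible here, but the `ace_list` argument in the get_nt_acl hunk suggests the parameter is a `SEC_ACE *`. The two `init_sec_ace` calls also need a comment explaining the flag choices: as written, `ace[0]` (object-inherit, inherit-only) affects only child objects, while `ace[1]` (container-inherit) also applies to the printer itself. The descriptor still names `global_sid_World` as both owner and group and grants World `PRINTER_MANAGE_DOCUMENTS`, so the default stays permissive for every user even with the mask reduced from `PRINTER_ALL_ACCESS`; if that is intentional, say so in the comment. The function body continues past the end of this hunk.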
SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid,
SEC_ACL *dacl, size_t *sd_size)
{
- return make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
+ return make_sec_desc(SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
owner_sid, grp_sid, NULL, dacl, sd_size);
}
}
if(num_acls)
- if((psa = make_sec_acl( 3, num_acls, ace_list)) == NULL) {
+ if((psa = make_sec_acl( ACL_REVISION, num_acls, ace_list)) == NULL) {
DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n"));
return 0;
}