#include "enums.h"
#include "pstring.h"
#include "smb_macros.h"
-#include "rpc_secdes.h"
#include "smb.h"
#include "ads.h"
#include "lib/socket/socket.h"
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- SMB parameters and setup
- Copyright (C) Andrew Tridgell 1992-2000
- Copyright (C) Luke Kenneth Casson Leighton 1996-2000
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-typedef struct security_descriptor SEC_DESC;
-
-#ifndef _RPC_SECDES_H /* _RPC_SECDES_H */
-#define _RPC_SECDES_H
-
-#define SEC_RIGHTS_QUERY_VALUE 0x00000001
-#define SEC_RIGHTS_SET_VALUE 0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
-#define SEC_RIGHTS_NOTIFY 0x00000010
-#define SEC_RIGHTS_CREATE_LINK 0x00000020
-#define SEC_RIGHTS_READ 0x00020019
-#define SEC_RIGHTS_FULL_CONTROL 0x000f003f
-#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
-
-/* for ADS */
-#define SEC_RIGHTS_LIST_CONTENTS 0x4
-#define SEC_RIGHTS_LIST_OBJECT 0x80
-#define SEC_RIGHTS_READ_ALL_PROP 0x10
-#define SEC_RIGHTS_READ_PERMS 0x20000
-#define SEC_RIGHTS_WRITE_ALL_VALID 0x8
-#define SEC_RIGHTS_WRITE_ALL_PROP 0x20
-#define SEC_RIGHTS_MODIFY_OWNER 0x80000
-#define SEC_RIGHTS_MODIFY_PERMS 0x40000
-#define SEC_RIGHTS_CREATE_CHILD 0x1
-#define SEC_RIGHTS_DELETE_CHILD 0x2
-#define SEC_RIGHTS_DELETE_SUBTREE 0x40
-#define SEC_RIGHTS_DELETE 0x10000 /* advanced/special/object/delete */
-#define SEC_RIGHTS_EXTENDED 0x100 /* change/reset password, receive/send as*/
-#define SEC_RIGHTS_CHANGE_PASSWD SEC_RIGHTS_EXTENDED
-#define SEC_RIGHTS_RESET_PASSWD SEC_RIGHTS_EXTENDED
-#define SEC_RIGHTS_FULL_CTRL 0xf01ff
-
-/* Don't know what this means. */
-
-/* security information flags used in query_secdesc and set_secdesc */
-#define OWNER_SECURITY_INFORMATION 0x00000001
-#define GROUP_SECURITY_INFORMATION 0x00000002
-#define DACL_SECURITY_INFORMATION 0x00000004
-#define SACL_SECURITY_INFORMATION 0x00000008
-
-/* Extra W2K flags. */
-#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000
-#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000
-#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000
-#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
-
-#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
- DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\
- UNPROTECTED_SACL_SECURITY_INFORMATION|\
- UNPROTECTED_DACL_SECURITY_INFORMATION|\
- PROTECTED_SACL_SECURITY_INFORMATION|\
- PROTECTED_DACL_SECURITY_INFORMATION)
-
-#ifndef ACL_REVISION
-#define ACL_REVISION 0x3
-#endif
-
-#ifndef NT4_ACL_REVISION
-#define NT4_ACL_REVISION 0x2
-#endif
-
-#ifndef SEC_DESC_REVISION
-#define SEC_DESC_REVISION 0x1
-#endif
-
-
-/* Security Access Masks Rights */
-
-#define SPECIFIC_RIGHTS_MASK 0x0000FFFF
-#define STANDARD_RIGHTS_MASK 0x00FF0000
-#define GENERIC_RIGHTS_MASK 0xF0000000
-
-#define SEC_RIGHT_SYSTEM_SECURITY 0x01000000
-#define SEC_RIGHT_MAXIMUM_ALLOWED 0x02000000
-
-/* Generic access rights */
-
-#define GENERIC_RIGHT_ALL_ACCESS 0x10000000
-#define GENERIC_RIGHT_EXECUTE_ACCESS 0x20000000
-#define GENERIC_RIGHT_WRITE_ACCESS 0x40000000
-#define GENERIC_RIGHT_READ_ACCESS 0x80000000
-
-/* Standard access rights. */
-
-#define STD_RIGHT_DELETE_ACCESS 0x00010000
-#define STD_RIGHT_READ_CONTROL_ACCESS 0x00020000
-#define STD_RIGHT_WRITE_DAC_ACCESS 0x00040000
-#define STD_RIGHT_WRITE_OWNER_ACCESS 0x00080000
-#define STD_RIGHT_SYNCHRONIZE_ACCESS 0x00100000
-
-#define STD_RIGHT_ALL_ACCESS 0x001F0000
-
-/* Combinations of standard masks. */
-#define STANDARD_RIGHTS_ALL_ACCESS STD_RIGHT_ALL_ACCESS /* 0x001f0000 */
-#define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_READ_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_WRITE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_REQUIRED_ACCESS \
- (STD_RIGHT_DELETE_ACCESS | \
- STD_RIGHT_READ_CONTROL_ACCESS | \
- STD_RIGHT_WRITE_DAC_ACCESS | \
- STD_RIGHT_WRITE_OWNER_ACCESS) /* 0x000f0000 */
-
-/* File Object specific access rights */
-
-#define SA_RIGHT_FILE_READ_DATA 0x00000001
-#define SA_RIGHT_FILE_WRITE_DATA 0x00000002
-#define SA_RIGHT_FILE_APPEND_DATA 0x00000004
-#define SA_RIGHT_FILE_READ_EA 0x00000008
-#define SA_RIGHT_FILE_WRITE_EA 0x00000010
-#define SA_RIGHT_FILE_EXECUTE 0x00000020
-#define SA_RIGHT_FILE_DELETE_CHILD 0x00000040
-#define SA_RIGHT_FILE_READ_ATTRIBUTES 0x00000080
-#define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x00000100
-#define SA_RIGHT_FILE_READ_EXEC (SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_EXECUTE)
-#define SA_RIGHT_FILE_WRITE_APPEND (SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_APPEND_DATA)
-
-#define SA_RIGHT_FILE_ALL_ACCESS 0x000001FF
-
-#define GENERIC_RIGHTS_FILE_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_FILE_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_READ_DATA | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_READ_EA)
-
-#define GENERIC_RIGHTS_FILE_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_WRITE_DATA | \
- SA_RIGHT_FILE_WRITE_ATTRIBUTES | \
- SA_RIGHT_FILE_WRITE_EA | \
- SA_RIGHT_FILE_APPEND_DATA)
-
-#define GENERIC_RIGHTS_FILE_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_EXECUTE)
-
-
-/* directory specific access rights */
-#define SA_RIGHT_DIR_LIST 0x0001
-#define SA_RIGHT_DIR_ADD_FILE 0x0002
-#define SA_RIGHT_DIR_ADD_SUBDIRECTORY 0x0004
-#define SA_RIGHT_DIR_TRAVERSE 0x0020
-#define SA_RIGHT_DIR_DELETE_CHILD 0x0040
-
-
-/* SAM server specific access rights */
-
-#define SA_RIGHT_SAM_CONNECT_SERVER 0x00000001
-#define SA_RIGHT_SAM_SHUTDOWN_SERVER 0x00000002
-#define SA_RIGHT_SAM_INITIALISE_SERVER 0x00000004
-#define SA_RIGHT_SAM_CREATE_DOMAIN 0x00000008
-#define SA_RIGHT_SAM_ENUM_DOMAINS 0x00000010
-#define SA_RIGHT_SAM_OPEN_DOMAIN 0x00000020
-
-#define SA_RIGHT_SAM_ALL_ACCESS 0x0000003F
-
-#define GENERIC_RIGHTS_SAM_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_SAM_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_SAM_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_SAM_ENUM_DOMAINS)
-
-#define GENERIC_RIGHTS_SAM_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_SAM_CREATE_DOMAIN | \
- SA_RIGHT_SAM_INITIALISE_SERVER | \
- SA_RIGHT_SAM_SHUTDOWN_SERVER)
-
-#define GENERIC_RIGHTS_SAM_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_SAM_OPEN_DOMAIN | \
- SA_RIGHT_SAM_CONNECT_SERVER)
-
-
-/* Domain Object specific access rights */
-
-#define SA_RIGHT_DOMAIN_LOOKUP_INFO_1 0x00000001
-#define SA_RIGHT_DOMAIN_SET_INFO_1 0x00000002
-#define SA_RIGHT_DOMAIN_LOOKUP_INFO_2 0x00000004
-#define SA_RIGHT_DOMAIN_SET_INFO_2 0x00000008
-#define SA_RIGHT_DOMAIN_CREATE_USER 0x00000010
-#define SA_RIGHT_DOMAIN_CREATE_GROUP 0x00000020
-#define SA_RIGHT_DOMAIN_CREATE_ALIAS 0x00000040
-#define SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM 0x00000080
-#define SA_RIGHT_DOMAIN_ENUM_ACCOUNTS 0x00000100
-#define SA_RIGHT_DOMAIN_OPEN_ACCOUNT 0x00000200
-#define SA_RIGHT_DOMAIN_SET_INFO_3 0x00000400
-
-#define SA_RIGHT_DOMAIN_ALL_ACCESS 0x000007FF
-
-#define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_DOMAIN_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_DOMAIN_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM | \
- SA_RIGHT_DOMAIN_LOOKUP_INFO_2)
-
-#define GENERIC_RIGHTS_DOMAIN_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_DOMAIN_SET_INFO_3 | \
- SA_RIGHT_DOMAIN_CREATE_ALIAS | \
- SA_RIGHT_DOMAIN_CREATE_GROUP | \
- SA_RIGHT_DOMAIN_CREATE_USER | \
- SA_RIGHT_DOMAIN_SET_INFO_2 | \
- SA_RIGHT_DOMAIN_SET_INFO_1)
-
-#define GENERIC_RIGHTS_DOMAIN_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT | \
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS | \
- SA_RIGHT_DOMAIN_LOOKUP_INFO_1)
-
-
-/* User Object specific access rights */
-
-#define SA_RIGHT_USER_GET_NAME_ETC 0x00000001
-#define SA_RIGHT_USER_GET_LOCALE 0x00000002
-#define SA_RIGHT_USER_SET_LOC_COM 0x00000004
-#define SA_RIGHT_USER_GET_LOGONINFO 0x00000008
-#define SA_RIGHT_USER_ACCT_FLAGS_EXPIRY 0x00000010
-#define SA_RIGHT_USER_SET_ATTRIBUTES 0x00000020
-#define SA_RIGHT_USER_CHANGE_PASSWORD 0x00000040
-#define SA_RIGHT_USER_SET_PASSWORD 0x00000080
-#define SA_RIGHT_USER_GET_GROUPS 0x00000100
-#define SA_RIGHT_USER_READ_GROUP_MEM 0x00000200
-#define SA_RIGHT_USER_CHANGE_GROUP_MEM 0x00000400
-
-#define SA_RIGHT_USER_ALL_ACCESS 0x000007FF
-
-#define GENERIC_RIGHTS_USER_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_USER_ALL_ACCESS) /* 0x000f07ff */
-
-#define GENERIC_RIGHTS_USER_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_USER_READ_GROUP_MEM | \
- SA_RIGHT_USER_GET_GROUPS | \
- SA_RIGHT_USER_ACCT_FLAGS_EXPIRY | \
- SA_RIGHT_USER_GET_LOGONINFO | \
- SA_RIGHT_USER_GET_LOCALE) /* 0x0002031a */
-
-#define GENERIC_RIGHTS_USER_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_SET_LOC_COM) /* 0x00020044 */
-
-#define GENERIC_RIGHTS_USER_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_GET_NAME_ETC ) /* 0x00020041 */
-
-
-/* Group Object specific access rights */
-
-#define SA_RIGHT_GROUP_LOOKUP_INFO 0x00000001
-#define SA_RIGHT_GROUP_SET_INFO 0x00000002
-#define SA_RIGHT_GROUP_ADD_MEMBER 0x00000004
-#define SA_RIGHT_GROUP_REMOVE_MEMBER 0x00000008
-#define SA_RIGHT_GROUP_GET_MEMBERS 0x00000010
-
-#define SA_RIGHT_GROUP_ALL_ACCESS 0x0000001F
-
-#define GENERIC_RIGHTS_GROUP_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_GROUP_ALL_ACCESS) /* 0x000f001f */
-
-#define GENERIC_RIGHTS_GROUP_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_GROUP_GET_MEMBERS) /* 0x00020010 */
-
-#define GENERIC_RIGHTS_GROUP_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_GROUP_REMOVE_MEMBER | \
- SA_RIGHT_GROUP_ADD_MEMBER | \
- SA_RIGHT_GROUP_SET_INFO ) /* 0x0002000e */
-
-#define GENERIC_RIGHTS_GROUP_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_GROUP_LOOKUP_INFO) /* 0x00020001 */
-
-
-/* Alias Object specific access rights */
-
-#define SA_RIGHT_ALIAS_ADD_MEMBER 0x00000001
-#define SA_RIGHT_ALIAS_REMOVE_MEMBER 0x00000002
-#define SA_RIGHT_ALIAS_GET_MEMBERS 0x00000004
-#define SA_RIGHT_ALIAS_LOOKUP_INFO 0x00000008
-#define SA_RIGHT_ALIAS_SET_INFO 0x00000010
-
-#define SA_RIGHT_ALIAS_ALL_ACCESS 0x0000001F
-
-#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_ALIAS_ALL_ACCESS) /* 0x000f001f */
-
-#define GENERIC_RIGHTS_ALIAS_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_ALIAS_GET_MEMBERS ) /* 0x00020004 */
-
-#define GENERIC_RIGHTS_ALIAS_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_ALIAS_REMOVE_MEMBER | \
- SA_RIGHT_ALIAS_ADD_MEMBER | \
- SA_RIGHT_ALIAS_SET_INFO ) /* 0x00020013 */
-
-#define GENERIC_RIGHTS_ALIAS_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_ALIAS_LOOKUP_INFO ) /* 0x00020008 */
-
-#endif /* _RPC_SECDES_H */
struct security_token;
struct security_acl;
struct security_ace;
+
+typedef struct security_descriptor SEC_DESC;
interface security
{
+ /*
+ access masks are divided up like this:
+ 0xabccdddd
+ where
+ a = generic rights bits SEC_GENERIC_
+ b = flags SEC_FLAG_
+ c = standard rights bits SEC_STD_
+ d = object type specific bits SEC_{FILE,DIR,REG,xxx}_
+
+ common combinations of bits are prefixed with SEC_RIGHTS_
+ */
+ const int SEC_MASK_GENERIC = 0xF0000000;
+ const int SEC_MASK_FLAGS = 0x0F000000;
+ const int SEC_MASK_STANDARD = 0x00FF0000;
+ const int SEC_MASK_SPECIFIC = 0x0000FFFF;
+
+ /* generic bits */
+ const int SEC_GENERIC_ALL = 0x10000000;
+ const int SEC_GENERIC_EXECUTE = 0x20000000;
+ const int SEC_GENERIC_WRITE = 0x40000000;
+ const int SEC_GENERIC_READ = 0x80000000;
+
+ /* flag bits */
+ const int SEC_FLAG_SYSTEM_SECURITY = 0x01000000;
+ const int SEC_FLAG_MAXIMUM_ALLOWED = 0x02000000;
+
+ /* standard bits */
+ const int SEC_STD_DELETE = 0x00010000;
+ const int SEC_STD_READ_CONTROL = 0x00020000;
+ const int SEC_STD_WRITE_DAC = 0x00040000;
+ const int SEC_STD_WRITE_OWNER = 0x00080000;
+ const int SEC_STD_SYNCHRONIZE = 0x00100000;
+ const int SEC_STD_REQUIRED = 0x000F0000;
+ const int SEC_STD_ALL = 0x001F0000;
+
+ /* file specific bits */
+ const int SEC_FILE_READ_DATA = 0x00000001;
+ const int SEC_FILE_WRITE_DATA = 0x00000002;
+ const int SEC_FILE_APPEND_DATA = 0x00000004;
+ const int SEC_FILE_READ_EA = 0x00000008;
+ const int SEC_FILE_WRITE_EA = 0x00000010;
+ const int SEC_FILE_EXECUTE = 0x00000020;
+ const int SEC_FILE_READ_ATTRIBUTE = 0x00000080;
+ const int SEC_FILE_WRITE_ATTRIBUTE = 0x00000100;
+ const int SEC_FILE_ALL = 0x000001ff;
+
+ /* directory specific bits */
+ const int SEC_DIR_LIST = 0x00000001;
+ const int SEC_DIR_ADD_FILE = 0x00000002;
+ const int SEC_DIR_ADD_SUBDIR = 0x00000004;
+ const int SEC_DIR_READ_EA = 0x00000008;
+ const int SEC_DIR_WRITE_EA = 0x00000010;
+ const int SEC_DIR_TRAVERSE = 0x00000020;
+ const int SEC_DIR_DELETE_CHILD = 0x00000040;
+ const int SEC_DIR_READ_ATTRIBUTE = 0x00000080;
+ const int SEC_DIR_WRITE_ATTRIBUTE = 0x00000100;
+
+ /* registry entry specific bits */
+ const int SEC_REG_QUERY_VALUE = 0x00000001;
+ const int SEC_REG_SET_VALUE = 0x00000002;
+ const int SEC_REG_CREATE_SUBKEY = 0x00000004;
+ const int SEC_REG_ENUM_SUBKEYS = 0x00000008;
+ const int SEC_REG_NOTIFY = 0x00000010;
+ const int SEC_REG_CREATE_LINK = 0x00000020;
+
+ /* common combinations of bits */
+ const int SEC_RIGHTS_FULL_CONTROL = SEC_STD_ALL | SEC_FILE_ALL;
+
+ const int SEC_RIGHTS_FILE_READ = SEC_STD_READ_CONTROL |
+ SEC_STD_SYNCHRONIZE |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_READ_EA;
+
+ const int SEC_RIGHTS_FILE_WRITE = SEC_STD_READ_CONTROL |
+ SEC_STD_SYNCHRONIZE |
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_APPEND_DATA;
+
+ const int SEC_RIGHTS_MAXIMUM_ALLOWED = SEC_FLAG_MAXIMUM_ALLOWED;
+
+
/* a NULL sid */
const string SID_NULL = "S-1-0-0";
dom_sid trustee;
} security_ace;
+ const int NT4_ACL_REVISION = 0x2;
+
typedef [public] struct {
uint16 revision;
[value(ndr_size_security_acl(r))] uint16 size;
const int SEC_DESC_RM_CONTROL_VALID = 0x4000;
const int SEC_DESC_SELF_RELATIVE = 0x8000;
+ /* bits that determine which parts of a security descriptor
+ are being queried/set */
+ const int SECINFO_OWNER = 0x00000001;
+ const int SECINFO_GROUP = 0x00000002;
+ const int SECINFO_DACL = 0x00000004;
+ const int SECINFO_SACL = 0x00000008;
+
+
typedef [public,flag(NDR_LITTLE_ENDIAN)] struct {
uint8 revision;
uint16 type; /* SEC_DESC_xxxx flags */
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
/* transport private information used by SMB pipe transport */
struct smb_private {
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.access_mask =
- STD_RIGHT_READ_CONTROL_ACCESS |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES |
- SA_RIGHT_FILE_WRITE_EA |
- GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ SEC_STD_READ_CONTROL |
+ SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_WRITE_DATA;
io.ntcreatex.in.file_attr = 0;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.share_access =
#include "includes.h"
#include "messages.h"
+#include "librpc/gen_ndr/ndr_security.h"
struct odb_context {
struct tdb_wrap *w;
/* if either open involves no read.write or delete access then
it can't conflict */
- if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_APPEND |
- SA_RIGHT_FILE_READ_EXEC |
- STD_RIGHT_DELETE_ACCESS))) {
+ if (!(e1->access_mask & (SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_EXECUTE |
+ SEC_STD_DELETE))) {
return False;
}
- if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_APPEND |
- SA_RIGHT_FILE_READ_EXEC |
- STD_RIGHT_DELETE_ACCESS))) {
+ if (!(e2->access_mask & (SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_EXECUTE |
+ SEC_STD_DELETE))) {
return False;
}
}
CHECK_MASK(e1->access_mask, e2->share_access,
- SA_RIGHT_FILE_WRITE_APPEND,
+ SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(e2->access_mask, e1->share_access,
- SA_RIGHT_FILE_WRITE_APPEND,
+ SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(e1->access_mask, e2->share_access,
- SA_RIGHT_FILE_READ_EXEC,
+ SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(e2->access_mask, e1->share_access,
- SA_RIGHT_FILE_READ_EXEC,
+ SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(e1->access_mask, e2->share_access,
- STD_RIGHT_DELETE_ACCESS,
+ SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
CHECK_MASK(e2->access_mask, e1->share_access,
- STD_RIGHT_DELETE_ACCESS,
+ SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
/* if a delete is pending then a second open is not allowed */
#include "includes.h"
#include "smb_server/smb_server.h"
+#include "librpc/gen_ndr/ndr_security.h"
/* a second stage function converts from the out parameters of the generic
call onto the out parameters of the specific call made */
io->openx.out.devstate = 0;
io->openx.out.action = io2->generic.out.create_action;
io->openx.out.unique_fid = 0;
- io->openx.out.access_mask = STANDARD_RIGHTS_ALL_ACCESS;
+ io->openx.out.access_mask = SEC_STD_ALL;
io->openx.out.unknown = 0;
/* we need to extend the file to the requested size if
switch (io->openx.in.open_mode & OPENX_MODE_ACCESS_MASK) {
case OPENX_MODE_ACCESS_READ:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_READ;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ;
io->openx.out.access = OPENX_MODE_ACCESS_READ;
break;
case OPENX_MODE_ACCESS_WRITE:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_WRITE;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_WRITE;
io->openx.out.access = OPENX_MODE_ACCESS_WRITE;
break;
case OPENX_MODE_ACCESS_RDWR:
case OPENX_MODE_ACCESS_FCB:
case OPENX_MODE_ACCESS_EXEC:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_WRITE | GENERIC_RIGHTS_FILE_READ;
+ io2->generic.in.access_mask =
+ SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io->openx.out.access = OPENX_MODE_ACCESS_RDWR;
break;
default:
io2->generic.in.open_disposition = NTCREATEX_DISP_OPEN;
switch (io->openold.in.flags & OPEN_FLAGS_MODE_MASK) {
case OPEN_FLAGS_OPEN_READ:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_READ;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ;
io->openold.out.rmode = DOS_OPEN_RDONLY;
break;
case OPEN_FLAGS_OPEN_WRITE:
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_WRITE;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_WRITE;
io->openold.out.rmode = DOS_OPEN_WRONLY;
break;
case OPEN_FLAGS_OPEN_RDWR:
case 0xf: /* FCB mode */
- io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io->openold.out.rmode = DOS_OPEN_RDWR; /* assume we got r/w */
break;
default:
io2->generic.in.fname = io->mknew.in.fname;
io2->generic.in.open_disposition = NTCREATEX_DISP_CREATE;
io2->generic.in.access_mask =
- GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io2->generic.in.share_access =
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
io2->generic.in.fname = io->mknew.in.fname;
io2->generic.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
io2->generic.in.access_mask =
- GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io2->generic.in.share_access =
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
generate_random_str_list(io2, 5, "0123456789"));
io2->generic.in.open_disposition = NTCREATEX_DISP_CREATE;
io2->generic.in.access_mask =
- GENERIC_RIGHTS_FILE_READ |
- GENERIC_RIGHTS_FILE_WRITE;
+ SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
io2->generic.in.share_access =
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
- Group
- Everyone
*/
- access_masks[0] = SEC_RIGHTS_FULL_CTRL | STD_RIGHT_ALL_ACCESS;
+ access_masks[0] = SEC_RIGHTS_FULL_CONTROL;
access_masks[1] = 0;
access_masks[2] = 0;
access_masks[3] = 0;
if (mode & S_IRUSR) {
access_masks[1] |=
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_READ_EA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_EXECUTE |
- STD_RIGHT_SYNCHRONIZE_ACCESS |
- STD_RIGHT_READ_CONTROL_ACCESS;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_EA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_EXECUTE |
+ SEC_STD_SYNCHRONIZE |
+ SEC_STD_READ_CONTROL;
}
if (mode & S_IWUSR) {
access_masks[1] |=
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_APPEND_DATA |
- SA_RIGHT_FILE_WRITE_EA |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES |
- STD_RIGHT_DELETE_ACCESS;
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_STD_DELETE;
}
if (mode & S_IRGRP) {
access_masks[2] |=
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_READ_EA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_EXECUTE |
- STD_RIGHT_SYNCHRONIZE_ACCESS |
- STD_RIGHT_READ_CONTROL_ACCESS;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_EA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_EXECUTE |
+ SEC_STD_SYNCHRONIZE |
+ SEC_STD_READ_CONTROL;
}
if (mode & S_IWGRP) {
access_masks[2] |=
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_APPEND_DATA |
- SA_RIGHT_FILE_WRITE_EA |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES;
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE;
}
if (mode & S_IROTH) {
access_masks[3] |=
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_READ_EA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_EXECUTE |
- STD_RIGHT_SYNCHRONIZE_ACCESS |
- STD_RIGHT_READ_CONTROL_ACCESS;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_EA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_EXECUTE |
+ SEC_STD_SYNCHRONIZE |
+ SEC_STD_READ_CONTROL;
}
if (mode & S_IWOTH) {
access_masks[3] |=
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_APPEND_DATA |
- SA_RIGHT_FILE_WRITE_EA |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES;
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE;
}
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
*/
static void normalise_sd_flags(struct security_descriptor *sd, uint32_t secinfo_flags)
{
- if (!(secinfo_flags & OWNER_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_OWNER)) {
sd->owner_sid = NULL;
}
- if (!(secinfo_flags & GROUP_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_GROUP)) {
sd->group_sid = NULL;
}
- if (!(secinfo_flags & DACL_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_DACL)) {
sd->dacl = NULL;
}
- if (!(secinfo_flags & SACL_SECURITY_INFORMATION)) {
+ if (!(secinfo_flags & SECINFO_SACL)) {
sd->sacl = NULL;
}
}
new_sd = info->set_secdesc.in.sd;
/* only set the elements that have been specified */
- if (secinfo_flags & OWNER_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_OWNER) {
sd->owner_sid = new_sd->owner_sid;
}
- if (secinfo_flags & GROUP_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_GROUP) {
sd->group_sid = new_sd->group_sid;
}
- if (secinfo_flags & DACL_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_DACL) {
sd->dacl = new_sd->dacl;
}
- if (secinfo_flags & SACL_SECURITY_INFORMATION) {
+ if (secinfo_flags & SECINFO_SACL) {
sd->sacl = new_sd->sacl;
}
return NT_STATUS_CANNOT_DELETE;
}
- if (access_mask & SEC_RIGHT_MAXIMUM_ALLOWED) {
- access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
+ if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+ access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
}
- if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
flags = O_RDWR;
} else {
flags = O_RDONLY;
union smb_setfileinfo set;
set.set_secdesc.file.fnum = fnum;
- set.set_secdesc.in.secinfo_flags = DACL_SECURITY_INFORMATION;
+ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
set.set_secdesc.in.sd = io->ntcreatex.in.sec_desc;
status = pvfs_acl_set(pvfs, req, name, fd, &set);
(f2->handle->create_options &
(NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
- (f2->access_mask & SA_RIGHT_FILE_WRITE_DATA) &&
+ (f2->access_mask & SEC_FILE_WRITE_DATA) &&
StrCaseCmp(f2->handle->name->original_name,
io->generic.in.fname)==0) {
break;
share_access = io->generic.in.share_access;
access_mask = io->generic.in.access_mask;
- if (access_mask & SEC_RIGHT_MAXIMUM_ALLOWED) {
+ if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
if (name->exists && (name->dos.attrib & FILE_ATTRIBUTE_READONLY)) {
- access_mask = GENERIC_RIGHTS_FILE_READ;
+ access_mask = SEC_RIGHTS_FILE_READ;
} else {
- access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
+ access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
}
}
/* certain create options are not allowed */
if ((create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) &&
- !(access_mask & STD_RIGHT_DELETE_ACCESS)) {
+ !(access_mask & SEC_STD_DELETE)) {
return NT_STATUS_INVALID_PARAMETER;
}
return NT_STATUS_INVALID_PARAMETER;
}
- if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
flags |= O_RDWR;
} else {
flags |= O_RDONLY;
NTCREATEX_SHARE_ACCESS_WRITE |
NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_OPTIONS_DELETE_ON_CLOSE,
- STD_RIGHT_DELETE_ACCESS);
+ SEC_STD_DELETE);
return status;
}
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE,
0,
- STD_RIGHT_DELETE_ACCESS);
+ SEC_STD_DELETE);
return status;
}
#include "includes.h"
#include "vfs_posix.h"
#include "system/filesys.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
read from a file
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
- mask = SA_RIGHT_FILE_READ_DATA;
+ mask = SEC_FILE_READ_DATA;
if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) {
- mask |= SA_RIGHT_FILE_EXECUTE;
+ mask |= SEC_FILE_EXECUTE;
}
if (!(f->access_mask & mask)) {
return NT_STATUS_ACCESS_DENIED;
case RAW_SFILEINFO_DISPOSITION_INFO:
case RAW_SFILEINFO_DISPOSITION_INFORMATION:
- if (!(f->access_mask & STD_RIGHT_DELETE_ACCESS)) {
+ if (!(f->access_mask & SEC_STD_DELETE)) {
return NT_STATUS_ACCESS_DENIED;
}
create_options = h->create_options;
}
} else {
int ret;
- if (f->access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (f->access_mask &
+ (SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA)) {
ret = ftruncate(h->fd, newstats.st.st_size);
} else {
ret = truncate(h->name->full_name, newstats.st.st_size);
#include "includes.h"
#include "vfs_posix.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
- if (!(f->access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
+ if (!(f->access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA))) {
return NT_STATUS_ACCESS_VIOLATION;
}
tcon->service = snum;
- /*
- * New code to check if there's a share security descripter
- * added from NT server manager. This is done after the
- * smb.conf checks are done as we need a uid and token. JRA.
- *
- */
-
- if (!share_access_check(req, tcon, snum, SA_RIGHT_FILE_WRITE_DATA)) {
- if (!share_access_check(req, tcon, snum, SA_RIGHT_FILE_READ_DATA)) {
- /* No access, read or write. */
- DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n",
- lp_servicename(snum)));
- conn_free(req->smb_conn, tcon);
- return NT_STATUS_ACCESS_DENIED;
- } else {
- tcon->read_only = True;
- }
- }
-
/* init ntvfs function pointers */
status = ntvfs_init_connection(req, type);
if (!NT_STATUS_IS_OK(status)) {
BOOL pcap_printername_ok(const char *service, const char *foo)
{ return True; }
-BOOL share_access_check(struct smbsrv_request *req, struct smbsrv_tcon *tcon, int snum, uint32_t desired_access)
-{ return True; }
-
/*
* initialize an smb process. Guaranteed to be called only once per
* smbd instance (so it can assume it is starting from scratch, and
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
extern int torture_failures;
for (k = 0, i = 0; i < sizeof(open_attrs_table)/sizeof(uint32_t); i++) {
smbcli_setatr(cli1->tree, fname, 0, 0);
smbcli_unlink(cli1->tree, fname);
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_WRITE_DATA, open_attrs_table[i],
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_FILE_WRITE_DATA,
+ open_attrs_table[i],
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
for (j = 0; j < ARRAY_SIZE(open_attrs_table); j++) {
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA,
- open_attrs_table[j],
- NTCREATEX_SHARE_ACCESS_NONE,
- NTCREATEX_DISP_OVERWRITE, 0, 0);
+ SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA,
+ open_attrs_table[j],
+ NTCREATEX_SHARE_ACCESS_NONE,
+ NTCREATEX_DISP_OVERWRITE, 0, 0);
if (fnum1 == -1) {
for (l = 0; l < ARRAY_SIZE(attr_results); l++) {
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\chartest\\"
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
io.ntcreatex.in.root_fid = 0;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
smbcli_setatr(cli1->tree, fname, 0, 0);
smbcli_unlink(cli1->tree, fname);
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS, FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
- NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
+ NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
smbcli_setatr(cli1->tree, fname, 0, 0);
smbcli_unlink(cli1->tree, fname);
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_NONE,
- NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_NONE,
+ NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- GENERIC_RIGHTS_FILE_ALL_ACCESS,
+ SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
with SHARE_DELETE. */
fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
- GENERIC_RIGHTS_FILE_READ,
+ SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OPEN, 0, 0);
/* This should succeed. */
- fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_READ, FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN, 0, 0);
+ fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_RIGHTS_FILE_READ,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+ NTCREATEX_DISP_OPEN, 0, 0);
if (fnum2 == -1) {
printf("(%s) open - 2 of %s failed (%s)\n",
}
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_WRITE_DATA |
- STD_RIGHT_DELETE_ACCESS,
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+ SEC_FILE_READ_DATA |
+ SEC_FILE_WRITE_DATA |
+ SEC_STD_DELETE,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
}
/* This should succeed. */
- fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_READ,
+ fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE |
/* This should fail - no more opens once delete on close set. */
fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
- GENERIC_RIGHTS_FILE_READ,
+ SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_DISP_OPEN, 0, 0);
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_WRITE_DATA,
+ SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE |
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_WRITE_DATA |
- STD_RIGHT_DELETE_ACCESS,
- FILE_ATTRIBUTE_NORMAL, 0, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+ SEC_FILE_READ_DATA |
+ SEC_FILE_WRITE_DATA |
+ SEC_STD_DELETE,
+ FILE_ATTRIBUTE_NORMAL, 0,
+ NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
goto fail;
}
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA|STD_RIGHT_DELETE_ACCESS,
- FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
- NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA|
+ SEC_STD_DELETE,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+ NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
goto fail;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA|STD_RIGHT_DELETE_ACCESS,
- FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
- NTCREATEX_DISP_OPEN, 0, 0);
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0,
+ SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA|
+ SEC_STD_DELETE,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+ NTCREATEX_DISP_OPEN, 0, 0);
if (fnum2 == -1) {
printf("(%s) open of %s failed (%s)\n",
/* This should fail - we need to set DELETE_ACCESS. */
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA,
+ SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF,
printf("ninth delete on close test succeeded.\n");
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA|STD_RIGHT_DELETE_ACCESS,
+ SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA|
+ SEC_STD_DELETE,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF,
smbcli_setatr(cli1->tree, fname, 0, 0);
smbcli_unlink(cli1->tree, fname);
-
+
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- GENERIC_RIGHTS_FILE_ALL_ACCESS,
+ SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_READONLY,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
/* test 12 - does having read only attribute still allow delete on close at time of open. */
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS, FILE_ATTRIBUTE_READONLY,
- NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
- NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_READONLY,
+ NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
+ NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
if (fnum1 != -1) {
printf("(%s) open of %s succeeded. Should fail with NT_STATUS_CANNOT_DELETE.\n",
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
extern BOOL torture_showall;
extern int torture_failures;
}} while (0)
*res = A_0;
- if (am2 & SA_RIGHT_FILE_WRITE_APPEND) {
+ if (am2 & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
*res += A_W;
}
- if (am2 & SA_RIGHT_FILE_READ_DATA) {
+ if (am2 & SEC_FILE_READ_DATA) {
*res += A_R;
- } else if ((am2 & SA_RIGHT_FILE_EXECUTE) &&
+ } else if ((am2 & SEC_FILE_EXECUTE) &&
(flags2 & FLAGS2_READ_PERMIT_EXECUTE)) {
*res += A_R;
}
/* if either open involves no read.write or delete access then
it can't conflict */
- if (!(am1 & (SA_RIGHT_FILE_WRITE_APPEND |
- SA_RIGHT_FILE_READ_EXEC |
- STD_RIGHT_DELETE_ACCESS))) {
+ if (!(am1 & (SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_EXECUTE |
+ SEC_STD_DELETE))) {
return NT_STATUS_OK;
}
- if (!(am2 & (SA_RIGHT_FILE_WRITE_APPEND |
- SA_RIGHT_FILE_READ_EXEC |
- STD_RIGHT_DELETE_ACCESS))) {
+ if (!(am2 & (SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_READ_DATA |
+ SEC_FILE_EXECUTE |
+ SEC_STD_DELETE))) {
return NT_STATUS_OK;
}
/* check the basic share access */
CHECK_MASK(am1, sa2,
- SA_RIGHT_FILE_WRITE_APPEND,
+ SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(am2, sa1,
- SA_RIGHT_FILE_WRITE_APPEND,
+ SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(am1, sa2,
- SA_RIGHT_FILE_READ_EXEC,
+ SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(am2, sa1,
- SA_RIGHT_FILE_READ_EXEC,
+ SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(am1, sa2,
- STD_RIGHT_DELETE_ACCESS,
+ SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
CHECK_MASK(am2, sa1,
- STD_RIGHT_DELETE_ACCESS,
+ SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
return NT_STATUS_OK;
{ NTCREATEX_SHARE_ACCESS_DELETE, "S_D" }
};
const struct bit_value access_mask_bits[] = {
- { SA_RIGHT_FILE_READ_DATA, "R_DATA" },
- { SA_RIGHT_FILE_WRITE_DATA, "W_DATA" },
- { SA_RIGHT_FILE_READ_ATTRIBUTES, "R_ATTR" },
- { SA_RIGHT_FILE_WRITE_ATTRIBUTES, "W_ATTR" },
- { SA_RIGHT_FILE_READ_EA, "R_EAS " },
- { SA_RIGHT_FILE_WRITE_EA, "W_EAS " },
- { SA_RIGHT_FILE_APPEND_DATA, "A_DATA" },
- { SA_RIGHT_FILE_EXECUTE, "EXEC " }
+ { SEC_FILE_READ_DATA, "R_DATA" },
+ { SEC_FILE_WRITE_DATA, "W_DATA" },
+ { SEC_FILE_READ_ATTRIBUTE, "R_ATTR" },
+ { SEC_FILE_WRITE_ATTRIBUTE, "W_ATTR" },
+ { SEC_FILE_READ_EA, "R_EAS " },
+ { SEC_FILE_WRITE_EA, "W_EAS " },
+ { SEC_FILE_APPEND_DATA, "A_DATA" },
+ { SEC_FILE_EXECUTE, "EXEC " }
};
int fnum1;
int i;
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
static void list_fn(struct file_info *finfo, const char *name, void *state)
{
for (i=0;i<torture_entries;i++) {
char *fname;
asprintf(&fname, "\\LISTDIR\\f%d", i);
- fnum = smbcli_nt_create_full(cli->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS, FILE_ATTRIBUTE_ARCHIVE,
- NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+ fnum = smbcli_nt_create_full(cli->tree, fname, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_ARCHIVE,
+ NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum == -1) {
fprintf(stderr,"(%s) Failed to open %s, error=%s\n",
__location__, fname, smbcli_errstr(cli->tree));
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\test_disconnect"
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_READ_DATA;
+ io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ;
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
Test rename on files open with share delete and no share delete.
smbcli_unlink(cli1->tree, fname);
smbcli_unlink(cli1->tree, fname1);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- GENERIC_RIGHTS_FILE_READ,
+ SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
smbcli_unlink(cli1->tree, fname);
smbcli_unlink(cli1->tree, fname1);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- GENERIC_RIGHTS_FILE_READ,
+ SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|NTCREATEX_SHARE_ACCESS_READ,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
smbcli_unlink(cli1->tree, fname1);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- STD_RIGHT_READ_CONTROL_ACCESS,
+ SEC_STD_READ_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define VERBOSE 0
#define OP_MIN 0
printf("file open failed - %s\n", smbcli_errstr(cli->tree));
}
dnum = smbcli_nt_create_full(cli->tree, "\\",
- 0, GENERIC_RIGHTS_FILE_READ, FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OPEN,
- NTCREATEX_OPTIONS_DIRECTORY, 0);
+ 0,
+ SEC_RIGHTS_FILE_READ,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OPEN,
+ NTCREATEX_OPTIONS_DIRECTORY, 0);
if (dnum == -1) {
printf("directory open failed - %s\n", smbcli_errstr(cli->tree));
}
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
This test checks that
io.ntcreatex.in.security_flags = 0;
io.ntcreatex.in.fname = fname;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
status = smb_raw_open(cli->tree, cli, &io);
if (!NT_STATUS_IS_OK(status)) {
#include "includes.h"
#include "system/iconv.h"
+#include "librpc/gen_ndr/ndr_security.h"
BOOL torture_utable(void)
{
fname = form_name(c);
fnum = smbcli_nt_create_full(cli->tree, fname, 0,
#if 0
- SEC_RIGHT_MAXIMUM_ALLOWED,
+ SEC_RIGHT_MAXIMUM_ALLOWED,
#else
- GENERIC_RIGHTS_FILE_ALL_ACCESS,
+ SEC_RIGHTS_FULL_CONTROL,
#endif
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_NONE,
- NTCREATEX_DISP_OPEN_IF, 0, 0);
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_NONE,
+ NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum == -1) {
printf("Failed to create file with char %04x\n", c);
#include "system/time.h"
#include "request.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define NSERVERS 2
#define NINSTANCES 2
*/
static uint32_t gen_access_mask(void)
{
- if (gen_chance(50)) return SEC_RIGHT_MAXIMUM_ALLOWED;
- if (gen_chance(20)) return GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ if (gen_chance(50)) return SEC_RIGHTS_MAXIMUM_ALLOWED;
+ if (gen_chance(20)) return SEC_FILE_ALL;
return gen_bits_mask(0xFFFFFFFF);
}
#include "includes.h"
#include "system/time.h"
#include "dlinklist.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define MAX_FILES 100
mem_ctx = talloc_init("raw_open");
if (create_options & NTCREATEX_OPTIONS_DIRECTORY) {
- desired_access = SA_RIGHT_FILE_READ_DATA;
+ desired_access = SEC_FILE_READ_DATA;
} else {
desired_access =
- SA_RIGHT_FILE_READ_DATA |
- SA_RIGHT_FILE_WRITE_DATA |
- SA_RIGHT_FILE_READ_ATTRIBUTES |
- SA_RIGHT_FILE_WRITE_ATTRIBUTES;
+ SEC_FILE_READ_DATA |
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_WRITE_ATTRIBUTE;
flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access =
q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
q.query_secdesc.in.fnum = fnum;
q.query_secdesc.in.secinfo_flags =
- OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION;
+ SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL;
status = smb_raw_fileinfo(cli->tree, mem_ctx, &q);
CHECK_STATUS(status, NT_STATUS_OK);
sd = q.query_secdesc.out.sd;
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
ace.flags = 0;
- ace.access_mask = STD_RIGHT_ALL_ACCESS;
+ ace.access_mask = SEC_STD_ALL;
ace.trustee = *test_sid;
status = security_descriptor_dacl_add(sd, &ace);
io.generic.level = RAW_OPEN_NTTRANS_CREATE;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access =
q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
q.query_secdesc.in.fnum = fnum;
q.query_secdesc.in.secinfo_flags =
- OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION;
+ SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL;
status = smb_raw_fileinfo(cli->tree, mem_ctx, &q);
CHECK_STATUS(status, NT_STATUS_OK);
sd = q.query_secdesc.out.sd;
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
ace.flags = 0;
- ace.access_mask = STD_RIGHT_ALL_ACCESS;
+ ace.access_mask = SEC_STD_ALL;
ace.trustee = *test_sid;
status = security_descriptor_dacl_add(sd, &ace);
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\rawchkpath"
printf("testing Open on %s\n", "\\.\\\\\\\\\\\\.");
/* findfirst seems to fail with a different error. */
fnum1 = smbcli_nt_create_full(cli->tree, "\\.\\\\\\\\\\\\.",
- 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_DELETE|
- NTCREATEX_SHARE_ACCESS_READ|
- NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OVERWRITE_IF,
- 0, 0);
+ 0, SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_DELETE|
+ NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF,
+ 0, 0);
status = smbcli_nt_error(cli->tree);
CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND);
printf("testing Open on %s\n", BASEDIR".\\.\\.\\.\\foo\\..\\.\\");
/* findfirst seems to fail with a different error. */
fnum1 = smbcli_nt_create_full(cli->tree, BASEDIR".\\.\\.\\.\\foo\\..\\.\\",
- 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_DELETE|
- NTCREATEX_SHARE_ACCESS_READ|
- NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OVERWRITE_IF,
- 0, 0);
+ 0, SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_DELETE|
+ NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF,
+ 0, 0);
status = smbcli_nt_error(cli->tree);
CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND);
/* findfirst seems to fail with a different error. */
printf("testing Open on %s\n", BASEDIR "\\nt\\V S\\VB98\\vb6.exe\\3");
fnum1 = smbcli_nt_create_full(cli->tree, BASEDIR "\\nt\\V S\\VB98\\vb6.exe\\3",
- 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_DELETE|
- NTCREATEX_SHARE_ACCESS_READ|
- NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OVERWRITE_IF,
- 0, 0);
+ 0, SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_DELETE|
+ NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF,
+ 0, 0);
status = smbcli_nt_error(cli->tree);
CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND);
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\rawcontext"
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\testeas"
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access =
io.generic.level = RAW_OPEN_NTTRANS_CREATE;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access =
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\test_mux"
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_READ_DATA;
+ io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ;
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\test_notify"
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_FILE_ALL;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "system/time.h"
+#include "librpc/gen_ndr/ndr_security.h"
/* enum for whether reads/writes are possible on a file */
enum rdwr_mode {RDWR_NONE, RDWR_RDONLY, RDWR_WRONLY, RDWR_RDWR};
io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_VAL(io.openx.out.access_mask, STD_RIGHT_ALL_ACCESS);
+ CHECK_VAL(io.openx.out.access_mask, SEC_STD_ALL);
smbcli_close(cli->tree, io.openx.out.fnum);
done:
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
io.ntcreatex.in.root_fid = 0;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 1024*1024;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
/* create a directory */
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
smbcli_rmdir(cli->tree, fname);
smbcli_unlink(cli->tree, fname);
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
io.generic.level = RAW_OPEN_NTTRANS_CREATE;
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
io.ntcreatex.in.root_fid = 0;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 1024*1024;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
/* create a directory */
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
smbcli_rmdir(cli->tree, fname);
smbcli_unlink(cli->tree, fname);
- io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define CHECK_VAL(v, correct) do { \
if ((v) != (correct)) { \
*/
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_READ_ATTRIBUTES|SA_RIGHT_FILE_WRITE_ATTRIBUTES|STD_RIGHT_SYNCHRONIZE_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
fnum2 = io.ntcreatex.out.fnum;
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_READ_ATTRIBUTES|SA_RIGHT_FILE_WRITE_ATTRIBUTES|STD_RIGHT_SYNCHRONIZE_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
static struct {
const char *name;
/* and make sure we can open by alternate name */
smbcli_close(cli->tree, fnum);
- fnum = smbcli_nt_create_full(cli->tree, correct_name, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_DELETE|
- NTCREATEX_SHARE_ACCESS_READ|
- NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OVERWRITE_IF,
- 0, 0);
+ fnum = smbcli_nt_create_full(cli->tree, correct_name, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_DELETE|
+ NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF,
+ 0, 0);
if (fnum == -1) {
printf("Unable to open by alt_name - %s\n", smbcli_errstr(cli->tree));
ret = False;
*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define CHECK_STATUS(status, correct) do { \
if (!NT_STATUS_EQUAL(status, correct)) { \
op.generic.level = RAW_OPEN_NTCREATEX;
op.ntcreatex.in.root_fid = 0;
op.ntcreatex.in.flags = 0;
- op.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ op.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
op.ntcreatex.in.create_options = 0;
op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
op.ntcreatex.in.share_access =
smbcli_close(cli->tree, fnum);
- op.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_READ;
+ op.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
op.ntcreatex.in.share_access =
NTCREATEX_SHARE_ACCESS_DELETE |
NTCREATEX_SHARE_ACCESS_READ |
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\teststreams"
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_WRITE_DATA;
+ io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = 0;
io.ntcreatex.in.fname = sname2;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE;
- io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
init_samr_String(&name, TEST_ALIASNAME);
r.in.domain_handle = domain_handle;
r.in.aliasname = &name;
- r.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.alias_handle = alias_handle;
r.out.rid = &rid;
#include "includes.h"
#include "librpc/gen_ndr/ndr_svcctl.h"
+#include "librpc/gen_ndr/ndr_security.h"
static BOOL test_EnumServicesStatus(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *h)
{
#include "system/time.h"
#include "system/wait.h"
#include "ioctl.h"
+#include "librpc/gen_ndr/ndr_security.h"
int torture_nprocs=4;
int torture_numops=100;
do {
struct timeval tv;
tv = timeval_current();
- fnum = smbcli_nt_create_full(cli->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_NONE,
- NTCREATEX_DISP_OPEN_IF, 0, 0);
+ fnum = smbcli_nt_create_full(cli->tree, fname, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_NONE,
+ NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum != -1) {
break;
}
/* FIRST_DESIRED_ACCESS 0xf019f */
-#define FIRST_DESIRED_ACCESS SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_APPEND_DATA|\
- SA_RIGHT_FILE_READ_EA| /* 0xf */ \
- SA_RIGHT_FILE_WRITE_EA|SA_RIGHT_FILE_READ_ATTRIBUTES| /* 0x90 */ \
- SA_RIGHT_FILE_WRITE_ATTRIBUTES| /* 0x100 */ \
- STD_RIGHT_DELETE_ACCESS|STD_RIGHT_READ_CONTROL_ACCESS|\
- STD_RIGHT_WRITE_DAC_ACCESS|STD_RIGHT_WRITE_OWNER_ACCESS /* 0xf0000 */
+#define FIRST_DESIRED_ACCESS SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA|\
+ SEC_FILE_READ_EA| /* 0xf */ \
+ SEC_FILE_WRITE_EA|SEC_FILE_READ_ATTRIBUTE| /* 0x90 */ \
+ SEC_FILE_WRITE_ATTRIBUTE| /* 0x100 */ \
+ SEC_STD_DELETE|SEC_STD_READ_CONTROL|\
+ SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER /* 0xf0000 */
/* SECOND_DESIRED_ACCESS 0xe0080 */
-#define SECOND_DESIRED_ACCESS SA_RIGHT_FILE_READ_ATTRIBUTES| /* 0x80 */ \
- STD_RIGHT_READ_CONTROL_ACCESS|STD_RIGHT_WRITE_DAC_ACCESS|\
- STD_RIGHT_WRITE_OWNER_ACCESS /* 0xe0000 */
+#define SECOND_DESIRED_ACCESS SEC_FILE_READ_ATTRIBUTE| /* 0x80 */ \
+ SEC_STD_READ_CONTROL|SEC_STD_WRITE_DAC|\
+ SEC_STD_WRITE_OWNER /* 0xe0000 */
#if 0
-#define THIRD_DESIRED_ACCESS FILE_READ_ATTRIBUTES| /* 0x80 */ \
- READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|\
- SA_RIGHT_FILE_READ_DATA|\
- WRITE_OWNER_ACCESS /* */
+#define THIRD_DESIRED_ACCESS FILE_READ_ATTRIBUTE| /* 0x80 */ \
+ READ_CONTROL|WRITE_DAC|\
+ SEC_FILE_READ_DATA|\
+ WRITE_OWNER /* */
#endif
/*
}
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
- FIRST_DESIRED_ACCESS, FILE_ATTRIBUTE_ARCHIVE,
- NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF,
- 0x4044, 0);
+ FIRST_DESIRED_ACCESS,
+ FILE_ATTRIBUTE_ARCHIVE,
+ NTCREATEX_SHARE_ACCESS_NONE,
+ NTCREATEX_DISP_OVERWRITE_IF,
+ 0x4044, 0);
if (fnum1 == -1) {
printf("First open failed - %s\n", smbcli_errstr(cli1->tree));
}
while(1) {
- fnum = smbcli_nt_create_full(cli1->tree, pipe_name, 0, SA_RIGHT_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+ fnum = smbcli_nt_create_full(cli1->tree, pipe_name, 0, SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum == -1) {
printf("TEST #1 testing 2 non-io opens (no delete)\n");
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
printf("test 1 open 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
printf("TEST #2 testing 2 non-io opens (first with delete)\n");
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
printf("TEST #3 testing 2 non-io opens (second with delete)\n");
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
printf("TEST #4 testing 2 non-io opens (both with delete)\n");
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 != -1) {
printf("TEST #5 testing 2 non-io opens (both with delete - both with file share delete)\n");
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
smbcli_unlink(cli1->tree, fname);
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
smbcli_unlink(cli1->tree, fname);
- fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+ fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
return False;
}
- fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+ fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 != -1) {
#include "libcli/raw/libcliraw.h"
#include "system/shmem.h"
#include "system/time.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
- io.ntcreatex.in.access_mask = SA_RIGHT_FILE_ALL_ACCESS;
+ io.ntcreatex.in.access_mask = SEC_FILE_ALL;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
NTSTATUS status;
smbcli_unlink(cli->tree, fname);
- fnum = smbcli_nt_create_full(cli->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
- FILE_ATTRIBUTE_NORMAL,
- NTCREATEX_SHARE_ACCESS_DELETE|
- NTCREATEX_SHARE_ACCESS_READ|
- NTCREATEX_SHARE_ACCESS_WRITE,
- NTCREATEX_DISP_OVERWRITE_IF,
- 0, 0);
+ fnum = smbcli_nt_create_full(cli->tree, fname, 0,
+ SEC_RIGHTS_FULL_CONTROL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_DELETE|
+ NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE,
+ NTCREATEX_DISP_OVERWRITE_IF,
+ 0, 0);
if (fnum == -1) return -1;
smbcli_write(cli->tree, fnum, 0, buf, 0, sizeof(buf));