Tidied up security rights definitions.
authorJeremy Allison <jra@samba.org>
Thu, 10 Aug 2000 19:51:45 +0000 (19:51 +0000)
committerJeremy Allison <jra@samba.org>
Thu, 10 Aug 2000 19:51:45 +0000 (19:51 +0000)
Jeremy.
(This used to be commit e466c863f5540e13776f4477b6d58e3fbfe7276d)

source3/include/rpc_secdes.h
source3/include/rpc_spoolss.h
source3/include/smb.h
source3/lib/util_seaccess.c
source3/printing/nt_printing.c
source3/rpc_server/srv_lsa.c
source3/rpcclient/display_sec.c

index 13b8494b2ed65d01e662990dc0497cd71233a596..9acc4511e89511503360b90a08d7a09ae18fa714 100644 (file)
 #define SEC_RIGHTS_ENUM_SUBKEYS   0x00000008
 #define SEC_RIGHTS_NOTIFY         0x00000010
 #define SEC_RIGHTS_CREATE_LINK    0x00000020
-#define SEC_RIGHTS_DELETE         0x00010000
-#define SEC_RIGHTS_READ_CONTROL   0x00020000
-#define SEC_RIGHTS_WRITE_DAC      0x00040000
-#define SEC_RIGHTS_WRITE_OWNER    0x00080000
 
 #define SEC_RIGHTS_READ           0x00020019
 #define SEC_RIGHTS_FULL_CONTROL   0x000f003f
index 6781dc6aea065d24c1f5c14b254989ae2d3debec..1e0a53d9e05a3cd016861815bcff21065e8cfc5f 100755 (executable)
 #define PRINTER_ACCESS_USE             0x00000008
 #define JOB_ACCESS_ADMINISTER          0x00000010
 
-#define STANDARD_RIGHTS_READ           0x00020000
-#define STANDARD_RIGHTS_WRITE          STANDARD_RIGHTS_READ
-#define STANDARD_RIGHTS_EXECUTE                STANDARD_RIGHTS_READ
-#define STANDARD_RIGHTS_REQUIRED       0x000F0000
-
 /* Access rights for print servers */
-#define SERVER_ALL_ACCESS      STANDARD_RIGHTS_REQUIRED|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
-#define SERVER_READ            STANDARD_RIGHTS_READ|SERVER_ACCESS_ENUMERATE
-#define SERVER_WRITE           STANDARD_RIGHTS_WRITE|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
-#define SERVER_EXECUTE         STANDARD_RIGHTS_EXECUTE|SERVER_ACCESS_ENUMERATE
+#define SERVER_ALL_ACCESS      STANDARD_RIGHTS_REQUIRED_ACCESS|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
+#define SERVER_READ            STANDARD_RIGHTS_READ_ACCESS|SERVER_ACCESS_ENUMERATE
+#define SERVER_WRITE           STANDARD_RIGHTS_WRITE_ACCESS|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
+#define SERVER_EXECUTE         STANDARD_RIGHTS_EXECUTE_ACCESS|SERVER_ACCESS_ENUMERATE
 
 /* Access rights for printers */
-#define PRINTER_ALL_ACCESS     STANDARD_RIGHTS_REQUIRED|PRINTER_ACCESS_ADMINISTER|PRINTER_ACCESS_USE
-#define PRINTER_READ          STANDARD_RIGHTS_READ|PRINTER_ACCESS_USE
-#define PRINTER_WRITE         STANDARD_RIGHTS_WRITE|PRINTER_ACCESS_USE
-#define PRINTER_EXECUTE       STANDARD_RIGHTS_EXECUTE|PRINTER_ACCESS_USE
+#define PRINTER_ALL_ACCESS     STANDARD_RIGHTS_REQUIRED_ACCESS|PRINTER_ACCESS_ADMINISTER|PRINTER_ACCESS_USE
+#define PRINTER_READ          STANDARD_RIGHTS_READ_ACCESS|PRINTER_ACCESS_USE
+#define PRINTER_WRITE         STANDARD_RIGHTS_WRITE_ACCESS|PRINTER_ACCESS_USE
+#define PRINTER_EXECUTE       STANDARD_RIGHTS_EXECUTE_ACCESS|PRINTER_ACCESS_USE
 
 /* Access rights for jobs */
-#define JOB_ALL_ACCESS STANDARD_RIGHTS_REQUIRED|JOB_ACCESS_ADMINISTER
-#define JOB_READ       STANDARD_RIGHTS_READ|JOB_ACCESS_ADMINISTER
-#define JOB_WRITE      STANDARD_RIGHTS_WRITE|JOB_ACCESS_ADMINISTER
-#define JOB_EXECUTE    STANDARD_RIGHTS_EXECUTE|JOB_ACCESS_ADMINISTER
+#define JOB_ALL_ACCESS STANDARD_RIGHTS_REQUIRED_ACCESS|JOB_ACCESS_ADMINISTER
+#define JOB_READ       STANDARD_RIGHTS_READ_ACCESS|JOB_ACCESS_ADMINISTER
+#define JOB_WRITE      STANDARD_RIGHTS_WRITE_ACCESS|JOB_ACCESS_ADMINISTER
+#define JOB_EXECUTE    STANDARD_RIGHTS_EXECUTE_ACCESS|JOB_ACCESS_ADMINISTER
 
 #define POLICY_HND_SIZE 20
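Review bot: The rewritten SERVER_*, PRINTER_* and JOB_* masks are still unparenthesised `a|b|c` expansions, so an access test such as `mask & PRINTER_READ` parses as `(mask & STANDARD_RIGHTS_READ_ACCESS) | PRINTER_ACCESS_USE` and is non-zero for every mask. Every one of these lines is being touched anyway, so wrap each expansion, e.g. `#define PRINTER_READ (STANDARD_RIGHTS_READ_ACCESS|PRINTER_ACCESS_USE)`. Whether any caller uses the macros inside a larger expression is not visible on this page, but the STANDARD_RIGHTS_*_ACCESS combinations this commit adds in smb.h are parenthesised and these should match.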
 
index 03d4b4c9b3b4e7e0462f32b7559698deb3fc91c8..bd7f82874711e199b003f499f9de0a62ab40ece4 100644 (file)
@@ -1154,21 +1154,22 @@ struct bitmap {
 #define WRITE_OWNER_ACCESS   (1L<<19)
 #define SYNCHRONIZE_ACCESS   (1L<<20)
 
+/* Combinations of standard masks. */
+#define STANDARD_RIGHTS_ALL_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS)
+#define STANDARD_RIGHTS_EXECUTE_ACCESS (READ_CONTROL_ACCESS)
+#define STANDARD_RIGHTS_READ_ACCESS (READ_CONTROL_ACCESS)
+#define STANDARD_RIGHTS_REQUIRED_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS)
+#define STANDARD_RIGHTS_WRITE_ACCESS (READ_CONTROL_ACCESS)
+
 #define SYSTEM_SECURITY_ACCESS (1L<<24)
+#define MAXIMUM_ALLOWED_ACCESS (1L<<25)
 #define GENERIC_ALL_ACCESS   (1<<28)
 #define GENERIC_EXECUTE_ACCESS  (1<<29)
 #define GENERIC_WRITE_ACCESS   (1<<30)
 #define GENERIC_READ_ACCESS   (((unsigned)1)<<31)
 
-#define FILE_ALL_STANDARD_ACCESS 0x1F0000
-
 /* Mapping of access rights to UNIX perms. */
-#if 0 /* Don't use all here... JRA. */
-#define UNIX_ACCESS_RWX (FILE_ALL_ATTRIBUTES|FILE_ALL_STANDARD_ACCESS)
-#else
 #define UNIX_ACCESS_RWX (UNIX_ACCESS_R|UNIX_ACCESS_W|UNIX_ACCESS_X)
-#endif
-
 #define UNIX_ACCESS_R (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\
                        FILE_READ_ATTRIBUTES|FILE_READ_EA|FILE_READ_DATA)
 #define UNIX_ACCESS_W (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\
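Review bot: The new comment `/* Combinations of standard masks. */` does not say that STANDARD_RIGHTS_READ_ACCESS, STANDARD_RIGHTS_WRITE_ACCESS and STANDARD_RIGHTS_EXECUTE_ACCESS all expand to the same value, which appears intentional but reads like a copy-paste slip. I would extend it to `/* Combinations of standard masks. READ, WRITE and EXECUTE all equal READ_CONTROL_ACCESS; REQUIRED is ALL without SYNCHRONIZE_ACCESS. */`. The added MAXIMUM_ALLOWED_ACCESS uses the `1L<<n` form while the GENERIC_* masks just below use `1<<n` and an unsigned cast; one spelling for all mask bits would be easier to audit. The UNIX_ACCESS_W definition at the end of the hunk continues outside it.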
index 486db7c8c809416d78c3903fea7d06c09e4eb383..cacdad16fd623b3c740bbbbde16f2a17e6e13136 100644 (file)
@@ -241,16 +241,16 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user,
                                /*
                                 * The owner always has SEC_RIGHTS_WRITE_DAC.
                                 */
-                               if (tmp_acc_desired & SEC_RIGHTS_WRITE_DAC)
-                                       tmp_acc_desired &= ~SEC_RIGHTS_WRITE_DAC;
+                               if (tmp_acc_desired & WRITE_DAC_ACCESS)
+                                       tmp_acc_desired &= ~WRITE_DAC_ACCESS;
                        }
                }
        }
 
        acl = sd->dacl;
 
-       if (tmp_acc_desired & SEC_RIGHTS_MAXIMUM_ALLOWED) {
-               tmp_acc_desired &= ~SEC_RIGHTS_MAXIMUM_ALLOWED;
+       if (tmp_acc_desired & MAXIMUM_ALLOWED_ACCESS) {
+               tmp_acc_desired &= ~MAXIMUM_ALLOWED_ACCESS;
                return get_max_access( acl, token, acc_granted, tmp_acc_desired, status);
        }
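Review bot: The comment above the first changed pair still reads `The owner always has SEC_RIGHTS_WRITE_DAC.`, a name this commit removes from rpc_secdes.h; it should become `* The owner always has WRITE_DAC_ACCESS.` so the comment matches the test below it. The second change assumes SEC_RIGHTS_MAXIMUM_ALLOWED had the same bit as MAXIMUM_ALLOWED_ACCESS (`1L<<25`); the old definition is not shown on this page, and it is worth confirming because this branch decides whether get_max_access() is used. se_access_check starts and ends outside the hunk.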
 
index 2f32a5ac2e39fbb0f68108201b2be6ecb005b74c..eefcd2384dd1be8f68456abc3ed3e9e135aaaf0c 100644 (file)
@@ -1987,7 +1987,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(void)
                }
        }
 
-       init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+       init_sec_access(&sa, PRINTER_ACE_MANAGE_DOCUMENTS | PRINTER_ACE_PRINT);
        init_sec_ace(&ace[1], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
                     sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
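Review bot: The owner ACE built here drops from `PRINTER_ACE_FULL_CONTROL` to `PRINTER_ACE_MANAGE_DOCUMENTS | PRINTER_ACE_PRINT`, which changes the default printer security descriptor rather than tidying a definition, and neither the code nor the commit message records why. A comment above the call, e.g. `/* Owner ACE: manage documents and print only, deliberately not full control. */`, would tell the next reader that the narrower mask is intended. The PRINTER_ACE_* values are defined outside this page, so which rights the owner actually loses cannot be checked from here. construct_default_printer_sdb starts and ends outside the hunk.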
 
index dc97d6db445095fb39679edc268331f9b3d83b7a..f37bb249ba4fb1ba448a77d6394805f0d2735b49 100644 (file)
@@ -305,8 +305,7 @@ static void init_lsa_trans_names(DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn,
                memset(dom_name, '\0', sizeof(dom_name));
                memset(name, '\0', sizeof(name));
 
-               status = winbind_lookup_sid(&find_sid, dom_name, name, 
-                                           &sid_name_use);
+               status = lookup_sid(&find_sid, dom_name, name, &sid_name_use);
 
                if (!status) {
                        sid_name_use = SID_NAME_UNKNOWN;
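Review bot: Swapping `winbind_lookup_sid()` for `lookup_sid()` changes how SIDs are resolved to names in this LSA reply, which is outside the stated scope of the commit and is not explained at the call site. A one-line comment such as `/* lookup_sid(): <which sources are consulted, in what order> */` would record the intent; lookup_sid itself is not shown on this page. The call passes `dom_name` and `name` without their sizes, so it is also worth confirming that the new function writes no more than `sizeof(dom_name)` and `sizeof(name)` bytes. init_lsa_trans_names starts and ends outside the hunk.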
index 44e7e6e8aa414bbd9746ef27e1235fcb18852d04..a428a9568633956a73411f4c9c57f65e7bd799bd 100644 (file)
@@ -64,10 +64,10 @@ static const char *get_sec_mask_str(uint32 type)
                                case SEC_RIGHTS_ENUM_SUBKEYS   : fstrcat(typestr, "Enum "); break;
                                case SEC_RIGHTS_NOTIFY         : fstrcat(typestr, "Notify "); break;
                                case SEC_RIGHTS_CREATE_LINK    : fstrcat(typestr, "CreateLink "); break;
-                               case SEC_RIGHTS_DELETE         : fstrcat(typestr, "Delete "); break;
-                               case SEC_RIGHTS_READ_CONTROL   : fstrcat(typestr, "ReadControl "); break;
-                               case SEC_RIGHTS_WRITE_DAC      : fstrcat(typestr, "WriteDAC "); break;
-                               case SEC_RIGHTS_WRITE_OWNER    : fstrcat(typestr, "WriteOwner "); break;
+                               case DELETE_ACCESS             : fstrcat(typestr, "Delete "); break;
+                               case READ_CONTROL_ACCESS       : fstrcat(typestr, "ReadControl "); break;
+                               case WRITE_DAC_ACCESS          : fstrcat(typestr, "WriteDAC "); break;
+                               case WRITE_OWNER_ACCESS        : fstrcat(typestr, "WriteOwner "); break;
                        }
                        type &= ~(1 << i);
                }
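Review bot: The renamed case labels stop at WRITE_OWNER_ACCESS, so as far as this hunk shows, a mask carrying SYNCHRONIZE_ACCESS (bit 20, defined beside the others in smb.h) is printed with no name for that bit. If no earlier case handles it, add `case SYNCHRONIZE_ACCESS : fstrcat(typestr, "Synchronize "); break;` after the WriteOwner line. The labels are now `1L<<n` long constants while the bit is cleared with `1 << i`; `type &= ~((uint32)1 << i);` keeps the arithmetic unsigned if the loop reaches bit 31. The switch and its loop start outside the hunk.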