try to put every security descriptors related definitions in the same file.
authorSimo Sorce <idra@samba.org>
Sun, 6 Oct 2002 23:53:34 +0000 (23:53 +0000)
committerSimo Sorce <idra@samba.org>
Sun, 6 Oct 2002 23:53:34 +0000 (23:53 +0000)
also try to uniform names to a clean scheme.

first part.
(This used to be commit a123e05877caf90c28980be2d84b1d0b46e4fd21)

source3/include/rpc_samr.h
source3/include/rpc_secdes.h
source3/include/smb.h
source3/lib/util_seaccess.c
source3/lib/util_sid.c
source3/rpc_server/srv_reg_nt.c
source3/rpc_server/srv_samr.c
source3/rpc_server/srv_samr_nt.c
source3/sam/interface.c
source3/utils/net_rpc.c

index 6b537715b8cb9dba44c93c896fbfc49bafb97a16..e1fa9c06bc7f30ceb07183fdffdf8ad91c112368 100644 (file)
@@ -147,172 +147,6 @@ SamrTestPrivateFunctionsUser
 #define SAMR_SET_USERINFO      0x3A
 #define SAMR_CONNECT4          0x3E
 
-/* Access bits to the SAM-object */
-
-#define SAMR_ACCESS_UNKNOWN_1        0x00000001
-#define SAMR_ACCESS_SHUTDOWN_SERVER  0x00000002
-#define SAMR_ACCESS_UNKNOWN_4        0x00000004
-#define SAMR_ACCESS_UNKNOWN_8        0x00000008
-#define SAMR_ACCESS_ENUM_DOMAINS     0x00000010
-#define SAMR_ACCESS_OPEN_DOMAIN      0x00000020
-
-#define SAMR_ALL_ACCESS  ( STANDARD_RIGHTS_REQUIRED_ACCESS | \
-                           SAMR_ACCESS_OPEN_DOMAIN         | \
-                          SAMR_ACCESS_ENUM_DOMAINS        | \
-                          SAMR_ACCESS_UNKNOWN_8           | \
-                          SAMR_ACCESS_UNKNOWN_4           | \
-                          SAMR_ACCESS_SHUTDOWN_SERVER     | \
-                          SAMR_ACCESS_UNKNOWN_1 )
-                          
-#define SAMR_READ        ( STANDARD_RIGHTS_READ_ACCESS     | \
-                           SAMR_ACCESS_ENUM_DOMAINS )
-
-#define SAMR_WRITE       ( STANDARD_RIGHTS_WRITE_ACCESS    | \
-                           SAMR_ACCESS_UNKNOWN_8           | \
-                          SAMR_ACCESS_UNKNOWN_4           | \
-                          SAMR_ACCESS_SHUTDOWN_SERVER )
-
-#define SAMR_EXECUTE     ( STANDARD_RIGHTS_EXECUTE_ACCESS  | \
-                           SAMR_ACCESS_OPEN_DOMAIN         | \
-                          SAMR_ACCESS_UNKNOWN_1 )            
-
-/* Access bits to Domain-objects */
-  
-#define DOMAIN_ACCESS_LOOKUP_INFO_1        0x000000001
-#define DOMAIN_ACCESS_SET_INFO_1           0x000000002
-#define DOMAIN_ACCESS_LOOKUP_INFO_2        0x000000004
-#define DOMAIN_ACCESS_SET_INFO_2           0x000000008
-#define DOMAIN_ACCESS_CREATE_USER          0x000000010
-#define DOMAIN_ACCESS_CREATE_GROUP         0x000000020
-#define DOMAIN_ACCESS_CREATE_ALIAS         0x000000040
-#define DOMAIN_ACCESS_LOOKUP_ALIAS_BY_MEM  0x000000080
-#define DOMAIN_ACCESS_ENUM_ACCOUNTS        0x000000100
-#define DOMAIN_ACCESS_OPEN_ACCOUNT         0x000000200
-#define DOMAIN_ACCESS_SET_INFO_3           0x000000400
-#define DOMAIN_ALL_ACCESS  ( STANDARD_RIGHTS_REQUIRED_ACCESS   | \
-                             DOMAIN_ACCESS_SET_INFO_3          | \
-                            DOMAIN_ACCESS_OPEN_ACCOUNT        | \
-                            DOMAIN_ACCESS_ENUM_ACCOUNTS       | \
-                            DOMAIN_ACCESS_LOOKUP_ALIAS_BY_MEM | \
-                            DOMAIN_ACCESS_CREATE_ALIAS        | \
-                            DOMAIN_ACCESS_CREATE_GROUP        | \
-                            DOMAIN_ACCESS_CREATE_USER         | \
-                            DOMAIN_ACCESS_SET_INFO_2          | \
-                            DOMAIN_ACCESS_LOOKUP_INFO_2       | \
-                            DOMAIN_ACCESS_SET_INFO_1          | \
-                            DOMAIN_ACCESS_LOOKUP_INFO_1 )
-                          
-#define DOMAIN_READ        ( STANDARD_RIGHTS_READ_ACCESS       | \
-                             DOMAIN_ACCESS_LOOKUP_ALIAS_BY_MEM | \
-                            DOMAIN_ACCESS_LOOKUP_INFO_2 )
-  
-#define DOMAIN_WRITE       ( STANDARD_RIGHTS_WRITE_ACCESS      | \
-                             DOMAIN_ACCESS_SET_INFO_3          | \
-                            DOMAIN_ACCESS_CREATE_ALIAS        | \
-                            DOMAIN_ACCESS_CREATE_GROUP        | \
-                            DOMAIN_ACCESS_CREATE_USER         | \
-                            DOMAIN_ACCESS_SET_INFO_2          | \
-                            DOMAIN_ACCESS_SET_INFO_1 )
-  
-#define DOMAIN_EXECUTE     ( STANDARD_RIGHTS_EXECUTE_ACCESS    | \
-                             DOMAIN_ACCESS_OPEN_ACCOUNT        | \
-                            DOMAIN_ACCESS_ENUM_ACCOUNTS       | \
-                            DOMAIN_ACCESS_LOOKUP_INFO_1 )            
-  
-/* Access bits to User-objects */
-
-#define USER_ACCESS_GET_NAME_ETC     0x00000001
-#define USER_ACCESS_GET_LOCALE       0x00000002
-#define USER_ACCESS_SET_LOC_COM      0x00000004
-#define USER_ACCESS_GET_LOGONINFO    0x00000008
-#define USER_ACCESS_UNKNOWN_10       0x00000010
-#define USER_ACCESS_SET_ATTRIBUTES   0x00000020
-#define USER_ACCESS_CHANGE_PASSWORD  0x00000040
-#define USER_ACCESS_SET_PASSWORD     0x00000080
-#define USER_ACCESS_GET_GROUPS       0x00000100
-#define USER_ACCESS_UNKNOWN_200      0x00000200
-#define USER_ACCESS_UNKNOWN_400      0x00000400
-
-#define USER_ALL_ACCESS    ( STANDARD_RIGHTS_REQUIRED_ACCESS | \
-                             USER_ACCESS_UNKNOWN_400       | \
-                            USER_ACCESS_UNKNOWN_200       | \
-                            USER_ACCESS_GET_GROUPS        | \
-                            USER_ACCESS_SET_PASSWORD      | \
-                            USER_ACCESS_CHANGE_PASSWORD   | \
-                            USER_ACCESS_SET_ATTRIBUTES    | \
-                            USER_ACCESS_UNKNOWN_10        | \
-                            USER_ACCESS_GET_LOGONINFO     | \
-                            USER_ACCESS_SET_LOC_COM       | \
-                            USER_ACCESS_GET_LOCALE        | \
-                            USER_ACCESS_GET_NAME_ETC )
-                          
-#define USER_READ          ( STANDARD_RIGHTS_READ_ACCESS     | \
-                             USER_ACCESS_UNKNOWN_200         | \
-                            USER_ACCESS_GET_GROUPS          | \
-                            USER_ACCESS_UNKNOWN_10          | \
-                            USER_ACCESS_GET_LOGONINFO       | \
-                            USER_ACCESS_GET_LOCALE )
-
-#define USER_WRITE         ( STANDARD_RIGHTS_WRITE_ACCESS    | \
-                             USER_ACCESS_CHANGE_PASSWORD     | \
-                            USER_ACCESS_SET_LOC_COM )
-                            
-#define USER_EXECUTE       ( STANDARD_RIGHTS_EXECUTE_ACCESS  | \
-                             USER_ACCESS_CHANGE_PASSWORD     | \
-                            USER_ACCESS_GET_NAME_ETC )
-
-/* Access bits to Group-objects */
-
-#define GROUP_ACCESS_LOOKUP_INFO     0x00000001
-#define GROUP_ACCESS_SET_INFO        0x00000002
-#define GROUP_ACCESS_ADD_MEMBER      0x00000004
-#define GROUP_ACCESS_REMOVE_MEMBER   0x00000008
-#define GROUP_ACCESS_GET_MEMBERS     0x00000010
-
-#define GROUP_ALL_ACCESS   ( STANDARD_RIGHTS_REQUIRED_ACCESS | \
-                             GROUP_ACCESS_GET_MEMBERS        | \
-                            GROUP_ACCESS_REMOVE_MEMBER      | \
-                            GROUP_ACCESS_ADD_MEMBER         | \
-                            GROUP_ACCESS_SET_INFO           | \
-                            GROUP_ACCESS_LOOKUP_INFO )
-                          
-#define GROUP_READ         ( STANDARD_RIGHTS_READ_ACCESS     | \
-                             GROUP_ACCESS_GET_MEMBERS )
-
-#define GROUP_WRITE        ( STANDARD_RIGHTS_WRITE_ACCESS    | \
-                             GROUP_ACCESS_REMOVE_MEMBER      | \
-                            GROUP_ACCESS_ADD_MEMBER         | \
-                            GROUP_ACCESS_SET_INFO )
-                            
-#define GROUP_EXECUTE      ( STANDARD_RIGHTS_EXECUTE_ACCESS  | \
-                             GROUP_ACCESS_LOOKUP_INFO )
-                            
-/* Access bits to Alias-objects */
-
-#define ALIAS_ACCESS_ADD_MEMBER      0x00000001
-#define ALIAS_ACCESS_REMOVE_MEMBER   0x00000002
-#define ALIAS_ACCESS_GET_MEMBERS     0x00000004
-#define ALIAS_ACCESS_LOOKUP_INFO     0x00000008
-#define ALIAS_ACCESS_SET_INFO        0x00000010
-
-#define ALIAS_ALL_ACCESS   ( STANDARD_RIGHTS_REQUIRED_ACCESS | \
-                             ALIAS_ACCESS_GET_MEMBERS        | \
-                            ALIAS_ACCESS_REMOVE_MEMBER      | \
-                            ALIAS_ACCESS_ADD_MEMBER         | \
-                            ALIAS_ACCESS_SET_INFO           | \
-                            ALIAS_ACCESS_LOOKUP_INFO )
-                          
-#define ALIAS_READ         ( STANDARD_RIGHTS_READ_ACCESS     | \
-                             ALIAS_ACCESS_GET_MEMBERS )
-
-#define ALIAS_WRITE        ( STANDARD_RIGHTS_WRITE_ACCESS    | \
-                             ALIAS_ACCESS_REMOVE_MEMBER      | \
-                            ALIAS_ACCESS_ADD_MEMBER         | \
-                            ALIAS_ACCESS_SET_INFO )
-                            
-#define ALIAS_EXECUTE      ( STANDARD_RIGHTS_EXECUTE_ACCESS  | \
-                             ALIAS_ACCESS_LOOKUP_INFO )
 
 typedef struct _DISP_USER_INFO {
        SAM_ACCOUNT *sam;
index e51a5fd2f8fc44d0584a7ed56f14ac3e72a6a44f..1bb25e8651151bef83366417c2d59c17eae2af4c 100644 (file)
@@ -31,6 +31,7 @@
 #define SEC_RIGHTS_READ                        0x00020019
 #define SEC_RIGHTS_FULL_CONTROL                0x000f003f
 #define SEC_RIGHTS_MAXIMUM_ALLOWED     0x02000000
+
 /* for ADS */
 #define        SEC_RIGHTS_LIST_CONTENTS        0x4
 #define SEC_RIGHTS_LIST_OBJECT         0x80
@@ -211,4 +212,250 @@ typedef struct standard_mapping {
        uint32 std_all;
 } STANDARD_MAPPING;
 
+
+/* Security Access Masks Rights */
+
+#define SPECIFIC_RIGHTS_MASK   0x0000FFFF
+#define STANDARD_RIGHTS_MASK   0x00FF0000
+#define GENERIC_RIGHTS_MASK    0xF0000000
+
+#define SEC_RIGHT_SYSTEM_SECURITY      0x01000000
+#define SEC_RIGHT_MAXIMUM_ALLOWED      0x02000000
+
+/* Generic access rights */
+
+#define GENERIC_RIGHT_ALL_ACCESS       0x10000000
+#define GENERIC_RIGHT_EXECUTE_ACCESS   0x20000000
+#define GENERIC_RIGHT_WRITE_ACCESS     0x40000000
+#define GENERIC_RIGHT_READ_ACCESS      0x80000000
+
+/* Standard access rights. */
+
+#define STD_RIGHT_DELETE_ACCESS                0x00010000
+#define STD_RIGHT_READ_CONTROL_ACCESS  0x00020000
+#define STD_RIGHT_WRITE_DAC_ACCESS     0x00040000
+#define STD_RIGHT_WRITE_OWNER_ACCESS   0x00080000
+#define STD_RIGHT_SYNCHRONIZE_ACCESS   0x00100000
+
+#define STD_RIGHT_ALL_ACCESS           0x001F0000
+
+/* Combinations of standard masks. */
+#define STANDARD_RIGHTS_ALL_ACCESS     STD_RIGHT_ALL_ACCESS /* 0x001f0000 */
+#define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
+#define STANDARD_RIGHTS_READ_ACCESS    STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
+#define STANDARD_RIGHTS_WRITE_ACCESS   STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
+#define STANDARD_RIGHTS_REQUIRED_ACCESS \
+               (STD_RIGHT_DELETE_ACCESS        | \
+               STD_RIGHT_READ_CONTROL_ACCESS   | \
+               STD_RIGHT_WRITE_DAC_ACCESS      | \
+               STD_RIGHT_WRITE_OWNER_ACCESS)   /* 0x000f0000 */
+
+/* File Object specific access rights */
+
+#define SA_RIGHT_FILE_READ_DATA                0x00000001
+#define SA_RIGHT_FILE_WRITE_DATA       0x00000002
+#define SA_RIGHT_FILE_APPEND_DATA      0x00000004
+#define SA_RIGHT_FILE_READ_EA          0x00000008
+#define SA_RIGHT_FILE_WRITE_EA         0x00000010
+#define SA_RIGHT_FILE_EXECUTE          0x00000020
+#define SA_RIGHT_FILE_DELETE_CHILD     0x00000040
+#define SA_RIGHT_FILE_READ_ATTRIBUTES  0x00000080
+#define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x00000100
+
+#define SA_RIGHT_FILE_ALL_ACCESS       0x000001FF
+
+#define GENERIC_RIGHTS_FILE_ALL_ACCESS \
+               (STANDARD_RIGHTS_REQUIRED_ACCESS| \
+               STD_RIGHT_SYNCHRONIZE_ACCESS    | \
+               SA_RIGHT_FILE_ALL_ACCESS)
+
+#define GENERIC_RIGHTS_FILE_READ       \
+               (STANDARD_RIGHTS_READ_ACCESS    | \
+               STD_RIGHT_SYNCHRONIZE_ACCESS    | \
+               SA_RIGHT_FILE_READ_DATA         | \
+               SA_RIGHT_FILE_READ_ATTRIBUTES   | \
+               SA_RIGHT_FILE_READ_EA)
+
+#define GENERIC_RIGHTS_FILE_WRITE \
+               (STANDARD_RIGHTS_WRITE_ACCESS   | \
+               STD_RIGHT_SYNCHRONIZE_ACCESS    | \
+               SA_RIGHT_FILE_WRITE_DATA        | \
+               SA_RIGHT_FILE_WRITE_ATTRIBUTES  | \
+               SA_RIGHT_FILE_WRITE_EA          | \
+               SA_RIGHT_FILE_APPEND_DATA)
+
+#define GENERIC_RIGHTS_FILE_EXECUTE \
+               (STANDARD_RIGHTS_EXECUTE_ACCESS | \
+               SA_RIGHT_FILE_READ_ATTRIBUTES   | \
+               SA_RIGHT_FILE_EXECUTE)            
+
+               
+/* SAM Object specific access rights */
+
+#define SA_RIGHT_SAM_UNKNOWN_1         0x00000001
+#define SA_RIGHT_SAM_SHUTDOWN_SERVER   0x00000002
+#define SA_RIGHT_SAM_UNKNOWN_4         0x00000004
+#define SA_RIGHT_SAM_UNKNOWN_8         0x00000008
+#define SA_RIGHT_SAM_ENUM_DOMAINS      0x00000010
+#define SA_RIGHT_SAM_OPEN_DOMAIN       0x00000020
+
+#define SA_RIGHT_SAM_ALL_ACCESS                0x0000003F
+
+#define GENERIC_RIGHTS_SAM_ALL_ACCESS \
+               (STANDARD_RIGHTS_REQUIRED_ACCESS| \
+               SA_RIGHT_SAM_ALL_ACCESS)
+
+#define GENERIC_RIGHTS_SAM_READ        \
+               (STANDARD_RIGHTS_READ_ACCESS    | \
+               SA_RIGHT_SAM_ENUM_DOMAINS)
+
+#define GENERIC_RIGHTS_SAM_WRITE \
+               (STANDARD_RIGHTS_WRITE_ACCESS   | \
+               SA_RIGHT_SAM_UNKNOWN_8          | \
+               SA_RIGHT_SAM_UNKNOWN_4          | \
+               SA_RIGHT_SAM_SHUTDOWN_SERVER)
+
+#define GENERIC_RIGHTS_SAM_EXECUTE \
+               (STANDARD_RIGHTS_EXECUTE_ACCESS | \
+               SA_RIGHT_SAM_OPEN_DOMAIN        | \
+               SA_RIGHT_SAM_UNKNOWN_1)            
+
+
+/* Domain Object specific access rights */
+
+#define SA_RIGHT_DOMAIN_LOOKUP_INFO_1          0x00000001
+#define SA_RIGHT_DOMAIN_SET_INFO_1             0x00000002
+#define SA_RIGHT_DOMAIN_LOOKUP_INFO_2          0x00000004
+#define SA_RIGHT_DOMAIN_SET_INFO_2             0x00000008
+#define SA_RIGHT_DOMAIN_CREATE_USER            0x00000010
+#define SA_RIGHT_DOMAIN_CREATE_GROUP           0x00000020
+#define SA_RIGHT_DOMAIN_CREATE_ALIAS           0x00000040
+#define SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM    0x00000080
+#define SA_RIGHT_DOMAIN_ENUM_ACCOUNTS          0x00000100
+#define SA_RIGHT_DOMAIN_OPEN_ACCOUNT           0x00000200
+#define SA_RIGHT_DOMAIN_SET_INFO_3             0x00000400
+
+#define SA_RIGHT_DOMAIN_ALL_ACCESS             0x000007FF
+
+#define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS \
+               (STANDARD_RIGHTS_REQUIRED_ACCESS| \
+               SA_RIGHT_DOMAIN_ALL_ACCESS)
+
+#define GENERIC_RIGHTS_DOMAIN_READ \
+               (STANDARD_RIGHTS_READ_ACCESS            | \
+               SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM     | \
+               SA_RIGHT_DOMAIN_LOOKUP_INFO_2)
+
+#define GENERIC_RIGHTS_DOMAIN_WRITE \
+               (STANDARD_RIGHTS_WRITE_ACCESS   | \
+               SA_RIGHT_DOMAIN_SET_INFO_3      | \
+               SA_RIGHT_DOMAIN_CREATE_ALIAS    | \
+               SA_RIGHT_DOMAIN_CREATE_GROUP    | \
+               SA_RIGHT_DOMAIN_CREATE_USER     | \
+               SA_RIGHT_DOMAIN_SET_INFO_2      | \
+               SA_RIGHT_DOMAIN_SET_INFO_1)
+
+#define GENERIC_RIGHTS_DOMAIN_EXECUTE \
+               (STANDARD_RIGHTS_EXECUTE_ACCESS | \
+               SA_RIGHT_DOMAIN_OPEN_ACCOUNT    | \
+               SA_RIGHT_DOMAIN_ENUM_ACCOUNTS   | \
+               SA_RIGHT_DOMAIN_LOOKUP_INFO_1)            
+
+
+/* User Object specific access rights */
+
+#define SA_RIGHT_USER_GET_NAME_ETC     0x00000001
+#define SA_RIGHT_USER_GET_LOCALE       0x00000002
+#define SA_RIGHT_USER_SET_LOC_COM      0x00000004
+#define SA_RIGHT_USER_GET_LOGONINFO    0x00000008
+#define SA_RIGHT_USER_ACCT_FLAGS_EXPIRY        0x00000010
+#define SA_RIGHT_USER_SET_ATTRIBUTES   0x00000020
+#define SA_RIGHT_USER_CHANGE_PASSWORD  0x00000040
+#define SA_RIGHT_USER_SET_PASSWORD     0x00000080
+#define SA_RIGHT_USER_GET_GROUPS       0x00000100
+#define SA_RIGHT_USER_UNKNOWN_200      0x00000200
+#define SA_RIGHT_USER_UNKNOWN_400      0x00000400
+
+#define SA_RIGHT_USER_ALL_ACCESS       0x000007FF
+
+#define GENERIC_RIGHTS_USER_ALL_ACCESS \
+               (STANDARD_RIGHTS_REQUIRED_ACCESS| \
+               SA_RIGHT_USER_ALL_ACCESS)       /* 0x000f07ff */
+
+#define GENERIC_RIGHTS_USER_READ \
+               (STANDARD_RIGHTS_READ_ACCESS    | \
+               SA_RIGHT_USER_UNKNOWN_200       | \
+               SA_RIGHT_USER_GET_GROUPS        | \
+               SA_RIGHT_USER_ACCT_FLAGS_EXPIRY | \
+               SA_RIGHT_USER_GET_LOGONINFO     | \
+               SA_RIGHT_USER_GET_LOCALE)       /* 0x0002031a */
+
+#define GENERIC_RIGHTS_USER_WRITE \
+               (STANDARD_RIGHTS_WRITE_ACCESS   | \
+               SA_RIGHT_USER_CHANGE_PASSWORD   | \
+               SA_RIGHT_USER_SET_LOC_COM)      /* 0x00020044 */
+
+#define GENERIC_RIGHTS_USER_EXECUTE \
+               (STANDARD_RIGHTS_EXECUTE_ACCESS | \
+               SA_RIGHT_USER_CHANGE_PASSWORD   | \
+               SA_RIGHT_USER_GET_NAME_ETC )    /* 0x00020041 */
+
+
+/* Group Object specific access rights */
+
+#define SA_RIGHT_GROUP_LOOKUP_INFO     0x00000001
+#define SA_RIGHT_GROUP_SET_INFO                0x00000002
+#define SA_RIGHT_GROUP_ADD_MEMBER      0x00000004
+#define SA_RIGHT_GROUP_REMOVE_MEMBER   0x00000008
+#define SA_RIGHT_GROUP_GET_MEMBERS     0x00000010
+
+#define SA_RIGHT_GROUP_ALL_ACCESS      0x0000001F
+
+#define GENERIC_RIGHTS_GROUP_ALL_ACCESS \
+               (STANDARD_RIGHTS_REQUIRED_ACCESS| \
+               SA_RIGHT_GROUP_ALL_ACCESS)      /* 0x000f001f */
+
+#define GENERIC_RIGHTS_GROUP_READ \
+               (STANDARD_RIGHTS_READ_ACCESS    | \
+               SA_RIGHT_GROUP_GET_MEMBERS)     /* 0x00020010 */
+
+#define GENERIC_RIGHTS_GROUP_WRITE \
+               (STANDARD_RIGHTS_WRITE_ACCESS   | \
+               SA_RIGHT_GROUP_REMOVE_MEMBER    | \
+               SA_RIGHT_GROUP_ADD_MEMBER       | \
+               SA_RIGHT_GROUP_SET_INFO )       /* 0x0002000e */
+
+#define GENERIC_RIGHTS_GROUP_EXECUTE \
+               (STANDARD_RIGHTS_EXECUTE_ACCESS | \
+               SA_RIGHT_GROUP_LOOKUP_INFO)     /* 0x00020001 */
+
+
+/* Alias Object specific access rights */
+
+#define SA_RIGHT_ALIAS_ADD_MEMBER      0x00000001
+#define SA_RIGHT_ALIAS_REMOVE_MEMBER   0x00000002
+#define SA_RIGHT_ALIAS_GET_MEMBERS     0x00000004
+#define SA_RIGHT_ALIAS_LOOKUP_INFO     0x00000008
+#define SA_RIGHT_ALIAS_SET_INFO                0x00000010
+
+#define SA_RIGHT_ALIAS_ALL_ACCESS      0x0000001F
+
+#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS \
+               (STANDARD_RIGHTS_REQUIRED_ACCESS| \
+               SA_RIGHT_ALIAS_ALL_ACCESS)      /* 0x000f001f */
+
+#define GENERIC_RIGHTS_ALIAS_READ \
+               (STANDARD_RIGHTS_READ_ACCESS    | \
+               SA_RIGHT_ALIAS_GET_MEMBERS )    /* 0x00020004 */
+
+#define GENERIC_RIGHTS_ALIAS_WRITE \
+               (STANDARD_RIGHTS_WRITE_ACCESS   | \
+               SA_RIGHT_ALIAS_REMOVE_MEMBER    | \
+               SA_RIGHT_ALIAS_ADD_MEMBER       | \
+               SA_RIGHT_ALIAS_SET_INFO )       /* 0x00020013 */
+
+#define GENERIC_RIGHTS_ALIAS_EXECUTE \
+               (STANDARD_RIGHTS_EXECUTE_ACCESS | \
+               SA_RIGHT_ALIAS_LOOKUP_INFO )    /* 0x00020008 */
+
 #endif /* _RPC_SECDES_H */
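Review bot: The per-object `SA_RIGHT_*_ALL_ACCESS` masks are written as bare literals (`0x000001FF`, `0x0000003F`, `0x000007FF`, `0x0000001F`) instead of being OR-ed from the individual bits, which is how the removed `SAMR_ALL_ACCESS` and `DOMAIN_ALL_ACCESS` macros built them. The literals match the bits defined today, but a right added or renumbered later will not reach the ALL mask, and that mask feeds the `GENERIC_RIGHTS_*_ALL_ACCESS` values used for the administrator ACEs and the generic mappings elsewhere in this commit. Either compose them, e.g. `#define SA_RIGHT_GROUP_ALL_ACCESS (SA_RIGHT_GROUP_LOOKUP_INFO | SA_RIGHT_GROUP_SET_INFO | SA_RIGHT_GROUP_ADD_MEMBER | SA_RIGHT_GROUP_REMOVE_MEMBER | SA_RIGHT_GROUP_GET_MEMBERS)`, or put a comment above each literal stating that it must equal the OR of the bits listed before it. Separately, `SEC_RIGHT_MAXIMUM_ALLOWED` repeats the value of `SEC_RIGHTS_MAXIMUM_ALLOWED` defined earlier in this header, so one of the two should be an alias of the other.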
index 7ce75992397f5c28e33d8e9ecd59a0dae17b608d..1694a8b0fccfca476a30009d793a4c6422132e71 100644 (file)
@@ -1067,15 +1067,8 @@ struct bitmap {
 #define WRITE_OWNER_ACCESS   (1L<<19) /* 0x00080000 */
 #define SYNCHRONIZE_ACCESS   (1L<<20) /* 0x00100000 */
 
-/* Combinations of standard masks. */
-#define STANDARD_RIGHTS_ALL_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS) /* 0x001f0000 */
-#define STANDARD_RIGHTS_EXECUTE_ACCESS (READ_CONTROL_ACCESS) /* 0x00020000 */
-#define STANDARD_RIGHTS_READ_ACCESS (READ_CONTROL_ACCESS) /* 0x00200000 */
-#define STANDARD_RIGHTS_REQUIRED_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS) /* 0x000f0000 */
-#define STANDARD_RIGHTS_WRITE_ACCESS (READ_CONTROL_ACCESS) /* 0x00020000 */
-
-#define SYSTEM_SECURITY_ACCESS (1L<<24)                  /* 0x01000000 */
-#define MAXIMUM_ALLOWED_ACCESS (1L<<25)                  /* 0x02000000 */
+#define SYSTEM_SECURITY_ACCESS (1L<<24)           /* 0x01000000 */
+#define MAXIMUM_ALLOWED_ACCESS (1L<<25)           /* 0x02000000 */
 #define GENERIC_ALL_ACCESS     (1<<28)            /* 0x10000000 */
 #define GENERIC_EXECUTE_ACCESS (1<<29)            /* 0x20000000 */
 #define GENERIC_WRITE_ACCESS   (1<<30)            /* 0x40000000 */
index 456d7ba9e295e45f1ef8c8e37d28060ba44eada4..21d7fe85995dbe28b3b10675147ee11b37011eae 100644 (file)
@@ -468,11 +468,11 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
        sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
 
        /*basic access for every one*/
-       init_sec_access(&mask, SAMR_EXECUTE | SAMR_READ);
+       init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ);
        init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
        /*full access for builtin aliases Administrators and Account Operators*/
-       init_sec_access(&mask, SAMR_ALL_ACCESS);
+       init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS);
        init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
        init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
index 1439471f64bdf308eff3034015adeabeb4c6f2a9..c5b4a143ea8ae0c358776dee31ddf29ef9df18cc 100644 (file)
@@ -5,6 +5,7 @@
    Copyright (C) Luke Kenneth Caseson Leighton         1998-1999
    Copyright (C) Jeremy Allison                1999
    Copyright (C) Stefan (metze) Metzmacher     2002
+   Copyright (C) Simo Sorce                    2002
       
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -37,16 +38,23 @@ DOM_SID global_sid_NT_Authority;                    /* NT Authority */
 DOM_SID global_sid_System;             /* System */
 DOM_SID global_sid_NULL;                       /* NULL sid */
 DOM_SID global_sid_Authenticated_Users;                /* All authenticated rids */
-DOM_SID global_sid_Network;                                    /* Network rids */
+DOM_SID global_sid_Network;                    /* Network rids */
 
-static DOM_SID global_sid_Creator_Owner;               /* Creator Owner */
-static DOM_SID global_sid_Creator_Group;              /* Creator Group */
-static DOM_SID global_sid_Anonymous;                           /* Anonymous login */
+static DOM_SID global_sid_Creator_Owner;       /* Creator Owner */
+static DOM_SID global_sid_Creator_Group;       /* Creator Group */
+static DOM_SID global_sid_Anonymous;           /* Anonymous login */
+
+DOM_SID global_sid_Builtin;                    /* Local well-known domain */
+DOM_SID global_sid_Builtin_Administrators;     /* Builtin administrators */
+DOM_SID global_sid_Builtin_Users;              /* Builtin users */
+DOM_SID global_sid_Builtin_Guests;             /* Builtin guest users */
+DOM_SID global_sid_Builtin_Power_Users;                /* Builtin power users */
+DOM_SID global_sid_Builtin_Account_Operators;  /* Builtin account operators */
+DOM_SID global_sid_Builtin_Server_Operators;   /* Builtin server operators */
+DOM_SID global_sid_Builtin_Print_Operators;    /* Builtin print operators */
+DOM_SID global_sid_Builtin_Backup_Operators;   /* Builtin backup operators */
+DOM_SID global_sid_Builtin_Replicator;         /* Builtin replicator */
 
-DOM_SID global_sid_Builtin;                            /* Local well-known domain */
-DOM_SID global_sid_Builtin_Administrators;
-DOM_SID global_sid_Builtin_Users;
-DOM_SID global_sid_Builtin_Guests;                     /* Builtin guest users */
 
 /*
  * An NT compatible anonymous token.
@@ -112,10 +120,6 @@ void generate_wellknown_sids(void)
        if (initialised) 
                return;
 
-       string_to_sid(&global_sid_Builtin, "S-1-5-32");
-       string_to_sid(&global_sid_Builtin_Administrators, "S-1-5-32-544");
-       string_to_sid(&global_sid_Builtin_Users, "S-1-5-32-545");
-       string_to_sid(&global_sid_Builtin_Guests, "S-1-5-32-546");
        string_to_sid(&global_sid_World_Domain, "S-1-1");
        string_to_sid(&global_sid_World, "S-1-1-0");
        string_to_sid(&global_sid_Creator_Owner_Domain, "S-1-3");
@@ -128,6 +132,18 @@ void generate_wellknown_sids(void)
        string_to_sid(&global_sid_Network, "S-1-5-2");
        string_to_sid(&global_sid_Anonymous, "S-1-5-7");
 
+       /* create well known builtin SIDs */
+       string_to_sid(&global_sid_Builtin, "S-1-5-32");
+       string_to_sid(&global_sid_Builtin_Administrators, "S-1-5-32-544");
+       string_to_sid(&global_sid_Builtin_Users, "S-1-5-32-545");
+       string_to_sid(&global_sid_Builtin_Guests, "S-1-5-32-546");
+       string_to_sid(&global_sid_Builtin_Power_Users, "S-1-5-32-547");
+       string_to_sid(&global_sid_Builtin_Account_Operators, "S-1-5-32-548");
+       string_to_sid(&global_sid_Builtin_Server_Operators, "S-1-5-32-549");
+       string_to_sid(&global_sid_Builtin_Print_Operators, "S-1-5-32-550");
+       string_to_sid(&global_sid_Builtin_Backup_Operators, "S-1-5-32-551");
+       string_to_sid(&global_sid_Builtin_Replicator, "S-1-5-32-552");
+
        /* Create the anon token. */
        sid_copy( &anonymous_token.user_sids[0], &global_sid_World);
        sid_copy( &anonymous_token.user_sids[1], &global_sid_Network);
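Review bot: The builtin-alias SIDs initialised here from string literals give those trustees a second definition, because the descriptor builders touched by this same commit still derive theirs by hand, as in `sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);`. If those builders only run after generate_wellknown_sids(), which the visible hunks do not show, `sid_copy(&act_sid, &global_sid_Builtin_Account_Operators);` would tie the ACE trustee to a single definition. The results of the new string_to_sid() calls are also discarded, like those of the existing calls around them. A short comment such as `/* literals are well-formed; string_to_sid() cannot fail here */` would record that this is deliberate. The body of generate_wellknown_sids() starts and ends outside the hunk.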
index f96de7e5339c894fa421e54008bdf3804df2b84b..7435bdb6f798f53d23d2bee3605b7042aa444c2f 100644 (file)
@@ -131,7 +131,6 @@ static NTSTATUS open_registry_key(pipes_struct *p, POLICY_HND *hnd, REGISTRY_KEY
        if ( fetch_reg_keys( regkey, &subkeys ) == -1 )  {
        
                /* don't really know what to return here */
-               
                result = NT_STATUS_NO_SUCH_FILE;
        }
        else {
index bc3b8970d6e26aeca4cb9cc46617dc0fa22973a1..ab3d94cf752564aa2e321421cdc5bacf12845684 100644 (file)
@@ -155,7 +155,6 @@ static BOOL api_samr_set_sec_obj(pipes_struct *p)
                return False;
        }
        
-       
        return True;
 }
 
index 020a3c6aafd7f7fa32777787301076d68a2a9f8d..3073ca8f754deb61b2eb1c4dc76d34acef2ecd41 100644 (file)
@@ -64,11 +64,11 @@ struct samr_info {
        TALLOC_CTX *mem_ctx;
 };
 
-struct generic_mapping sam_generic_mapping = {SAMR_READ, SAMR_WRITE, SAMR_EXECUTE, SAMR_ALL_ACCESS};
-struct generic_mapping dom_generic_mapping = {DOMAIN_READ, DOMAIN_WRITE, DOMAIN_EXECUTE, DOMAIN_ALL_ACCESS};
-struct generic_mapping usr_generic_mapping = {USER_READ, USER_WRITE, USER_EXECUTE, USER_ALL_ACCESS};
-struct generic_mapping grp_generic_mapping = {GROUP_READ, GROUP_WRITE, GROUP_EXECUTE, GROUP_ALL_ACCESS};
-struct generic_mapping ali_generic_mapping = {ALIAS_READ, ALIAS_WRITE, ALIAS_EXECUTE, ALIAS_ALL_ACCESS};
+struct generic_mapping sam_generic_mapping = {GENERIC_RIGHTS_SAM_READ, GENERIC_RIGHTS_SAM_WRITE, GENERIC_RIGHTS_SAM_EXECUTE, GENERIC_RIGHTS_SAM_ALL_ACCESS};
+struct generic_mapping dom_generic_mapping = {GENERIC_RIGHTS_DOMAIN_READ, GENERIC_RIGHTS_DOMAIN_WRITE, GENERIC_RIGHTS_DOMAIN_EXECUTE, GENERIC_RIGHTS_DOMAIN_ALL_ACCESS};
+struct generic_mapping usr_generic_mapping = {GENERIC_RIGHTS_USER_READ, GENERIC_RIGHTS_USER_WRITE, GENERIC_RIGHTS_USER_EXECUTE, GENERIC_RIGHTS_USER_ALL_ACCESS};
+struct generic_mapping grp_generic_mapping = {GENERIC_RIGHTS_GROUP_READ, GENERIC_RIGHTS_GROUP_WRITE, GENERIC_RIGHTS_GROUP_EXECUTE, GENERIC_RIGHTS_GROUP_ALL_ACCESS};
+struct generic_mapping ali_generic_mapping = {GENERIC_RIGHTS_ALIAS_READ, GENERIC_RIGHTS_ALIAS_WRITE, GENERIC_RIGHTS_ALIAS_EXECUTE, GENERIC_RIGHTS_ALIAS_ALL_ACCESS};
 
 static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size);
 
@@ -375,7 +375,7 @@ NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN
        if (!find_policy_by_hnd(p, &q_u->pol, (void**)&info))
                return NT_STATUS_INVALID_HANDLE;
 
-       if (!NT_STATUS_IS_OK(status = access_check_samr_function(info->acc_granted, SAMR_ACCESS_OPEN_DOMAIN,"_samr_open_domain"))) {
+       if (!NT_STATUS_IS_OK(status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_OPEN_DOMAIN,"_samr_open_domain"))) {
                return status;
        }
 
@@ -454,11 +454,11 @@ static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
        sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
 
        /*basic access for every one*/
-       init_sec_access(&mask, DOMAIN_EXECUTE | DOMAIN_READ);
+       init_sec_access(&mask, GENERIC_RIGHTS_DOMAIN_EXECUTE | GENERIC_RIGHTS_DOMAIN_READ);
        init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
        /*full access for builtin aliases Administrators and Account Operators*/
-       init_sec_access(&mask, DOMAIN_ALL_ACCESS);
+       init_sec_access(&mask, GENERIC_RIGHTS_DOMAIN_ALL_ACCESS);
        init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
        init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
@@ -493,16 +493,16 @@ static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
        sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
 
        /*basic access for every one*/
-       init_sec_access(&mask, USER_EXECUTE | USER_READ);
+       init_sec_access(&mask, GENERIC_RIGHTS_USER_EXECUTE | GENERIC_RIGHTS_USER_READ);
        init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
        /*full access for builtin aliases Administrators and Account Operators*/
-       init_sec_access(&mask, USER_ALL_ACCESS);
+       init_sec_access(&mask, GENERIC_RIGHTS_USER_ALL_ACCESS);
        init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
        init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
        /*extended access for the user*/
-       init_sec_access(&mask,READ_CONTROL_ACCESS | USER_ACCESS_CHANGE_PASSWORD | USER_ACCESS_SET_LOC_COM);
+       init_sec_access(&mask,READ_CONTROL_ACCESS | SA_RIGHT_USER_CHANGE_PASSWORD | SA_RIGHT_USER_SET_LOC_COM);
        init_sec_ace(&ace[3], usr_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
        if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 4, ace)) == NULL)
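Review bot: The "extended access for the user" mask still uses the old `READ_CONTROL_ACCESS` name next to the new `SA_RIGHT_USER_*` bits, which works against the uniform naming scheme this commit introduces. The header changes add `STD_RIGHT_READ_CONTROL_ACCESS` for that bit, so the line could read `init_sec_access(&mask, STD_RIGHT_READ_CONTROL_ACCESS | SA_RIGHT_USER_CHANGE_PASSWORD | SA_RIGHT_USER_SET_LOC_COM);`. Assuming `READ_CONTROL_ACCESS` is the 0x00020000 bit (its definition is not in the visible hunks), the whole expression equals `GENERIC_RIGHTS_USER_WRITE`, commented as 0x00020044 in rpc_secdes.h. A comment should say whether the self-service ACE is meant to track that mapping or to stay independent of it. samr_make_usr_obj_sd starts and ends outside the hunk.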
@@ -536,11 +536,11 @@ static NTSTATUS samr_make_grp_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
        sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
 
        /*basic access for every one*/
-       init_sec_access(&mask, GROUP_EXECUTE | GROUP_READ);
+       init_sec_access(&mask, GENERIC_RIGHTS_GROUP_EXECUTE | GENERIC_RIGHTS_GROUP_READ);
        init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
        /*full access for builtin aliases Administrators and Account Operators*/
-       init_sec_access(&mask, GROUP_ALL_ACCESS);
+       init_sec_access(&mask, GENERIC_RIGHTS_GROUP_ALL_ACCESS);
        init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
        init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
@@ -575,11 +575,11 @@ static NTSTATUS samr_make_ali_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
        sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
 
        /*basic access for every one*/
-       init_sec_access(&mask, ALIAS_EXECUTE | ALIAS_READ);
+       init_sec_access(&mask, GENERIC_RIGHTS_ALIAS_EXECUTE | GENERIC_RIGHTS_ALIAS_READ);
        init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
        /*full access for builtin aliases Administrators and Account Operators*/
-       init_sec_access(&mask, ALIAS_ALL_ACCESS);
+       init_sec_access(&mask, GENERIC_RIGHTS_ALIAS_ALL_ACCESS);
        init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
        init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
@@ -765,7 +765,7 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
        domain_sid = info->sid;
 
        if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, 
-                                       DOMAIN_ACCESS_ENUM_ACCOUNTS, 
+                                       SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, 
                                        "_samr_enum_dom_users"))) {
                return r_u->status;
        }
@@ -1058,7 +1058,7 @@ NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAM
        if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted))
                return NT_STATUS_INVALID_HANDLE;
                
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_ENUM_ACCOUNTS, "_samr_enum_dom_groups"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, "_samr_enum_dom_groups"))) {
                return r_u->status;
        }
 
@@ -1097,7 +1097,7 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
        if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted))
                return NT_STATUS_INVALID_HANDLE;
 
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_ENUM_ACCOUNTS, "_samr_enum_dom_aliases"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, "_samr_enum_dom_aliases"))) {
                return r_u->status;
        }
        
@@ -1320,7 +1320,7 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
        /* find the policy handle.  open a policy on it. */
        if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted))
                return NT_STATUS_INVALID_HANDLE;
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_LOOKUP_INFO, "_samr_query_aliasinfo"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_LOOKUP_INFO, "_samr_query_aliasinfo"))) {
                return r_u->status;
        }
 
@@ -1667,7 +1667,7 @@ NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN
        if (!get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted))
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_OPEN_ACCOUNT, "_samr_open_user"))) {
+       if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_user"))) {
                return nt_status;
        }
 
@@ -2008,7 +2008,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
        if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted))
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, USER_ACCESS_GET_GROUPS, "_samr_query_usergroups"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_USER_GET_GROUPS, "_samr_query_usergroups"))) {
                return r_u->status;
        }
 
@@ -2194,7 +2194,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
        if (!get_lsa_policy_samr_sid(p, &dom_pol, &sid, &acc_granted))
                return NT_STATUS_INVALID_HANDLE;
 
-       if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_CREATE_USER, "_samr_create_user"))) {
+       if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_USER, "_samr_create_user"))) {
                return nt_status;
        }
 
@@ -2496,7 +2496,7 @@ NTSTATUS _samr_lookup_domain(pipes_struct *p, SAMR_Q_LOOKUP_DOMAIN *q_u, SAMR_R_
        if (!find_policy_by_hnd(p, &q_u->connect_pol, (void**)&info))
                return NT_STATUS_INVALID_HANDLE;
 
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SAMR_ACCESS_OPEN_DOMAIN, "_samr_lookup_domain"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_lookup_domain"))) {
                return r_u->status;
        }
 
@@ -2569,7 +2569,7 @@ NTSTATUS _samr_enum_domains(pipes_struct *p, SAMR_Q_ENUM_DOMAINS *q_u, SAMR_R_EN
        if (!find_policy_by_hnd(p, &q_u->pol, (void**)&info))
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SAMR_ACCESS_ENUM_DOMAINS, "_samr_enum_domains"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_ENUM_DOMAINS, "_samr_enum_domains"))) {
                return r_u->status;
        }
 
@@ -2617,7 +2617,7 @@ NTSTATUS _api_samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OP
        if (!get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted))
                return NT_STATUS_INVALID_HANDLE;
                
-       if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_OPEN_ACCOUNT, "_samr_open_alias"))) {
+       if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_alias"))) {
                return status;
        }
 
@@ -2928,7 +2928,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
        if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted))
                return NT_STATUS_INVALID_HANDLE;
        
-       acc_required = USER_ACCESS_SET_LOC_COM | USER_ACCESS_SET_ATTRIBUTES; /* This is probably wrong */       
+       acc_required = SA_RIGHT_USER_SET_LOC_COM | SA_RIGHT_USER_SET_ATTRIBUTES; /* This is probably wrong */   
        if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo"))) {
                return r_u->status;
        }
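Review bot: The `/* This is probably wrong */` comment on `acc_required` is carried over unchanged, and the same line appears in the `_samr_set_userinfo2` hunk below, so both handlers demand the same two rights whatever the request asks to change. That leaves a known doubt sitting in an authorization check without saying what is doubted. If these calls can also set a password (likely, but the dispatch is outside the hunk), the required mask should depend on what is being written. I would replace the comment with something actionable, e.g. `/* TODO: choose acc_required per info level; password-setting levels need a password right, not just SET_LOC_COM|SET_ATTRIBUTES */`. The rest of both functions is outside the hunks.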
@@ -3013,7 +3013,7 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_
        if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted))
                return NT_STATUS_INVALID_HANDLE;
        
-       acc_required = USER_ACCESS_SET_LOC_COM | USER_ACCESS_SET_ATTRIBUTES; /* This is probably wrong */       
+       acc_required = SA_RIGHT_USER_SET_LOC_COM | SA_RIGHT_USER_SET_ATTRIBUTES; /* This is probably wrong */   
        if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo2"))) {
                return r_u->status;
        }
@@ -3088,8 +3088,8 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u,
        if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
                return NT_STATUS_INVALID_HANDLE;
                
-       ntstatus1 = access_check_samr_function(info->acc_granted, DOMAIN_ACCESS_LOOKUP_ALIAS_BY_MEM, "_samr_query_useraliases");
-       ntstatus2 = access_check_samr_function(info->acc_granted, DOMAIN_ACCESS_OPEN_ACCOUNT, "_samr_query_useraliases");
+       ntstatus1 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, "_samr_query_useraliases");
+       ntstatus2 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_query_useraliases");
        
        if (!NT_STATUS_IS_OK(ntstatus1) || !NT_STATUS_IS_OK(ntstatus2)) {
                if (!(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus2)) &&
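Review bot: The two-status check in `_samr_query_useraliases` has no comment stating which combination of rights is meant to be sufficient, and the nested condition is hard to read as an access policy. From the visible part it looks as if a denial of `SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM` is tolerated when `SA_RIGHT_DOMAIN_OPEN_ACCOUNT` is granted, but the `if` continues past the end of the hunk, so this is an inference. A comment above the two calls, such as `/* access is allowed when at least one of the two rights is held; any other failure is returned */` (adjusted to the real intent), would let a reviewer check the condition against the policy.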
@@ -3168,7 +3168,7 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
                return NT_STATUS_INVALID_HANDLE;
        
        if (!NT_STATUS_IS_OK(r_u->status = 
-               access_check_samr_function(acc_granted, ALIAS_ACCESS_GET_MEMBERS, "_samr_query_aliasmem"))) {
+               access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, "_samr_query_aliasmem"))) {
                return r_u->status;
        }
                
@@ -3269,7 +3269,7 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
        if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted)) 
                return NT_STATUS_INVALID_HANDLE;
                
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_GET_MEMBERS, "_samr_query_groupmem"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_GET_MEMBERS, "_samr_query_groupmem"))) {
                return r_u->status;
        }
                
@@ -3361,7 +3361,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
        if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) 
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_ADD_MEMBER, "_samr_add_aliasmem"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_ADD_MEMBER, "_samr_add_aliasmem"))) {
                return r_u->status;
        }
                
@@ -3449,7 +3449,7 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE
        if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) 
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_REMOVE_MEMBER, "_samr_del_aliasmem"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_REMOVE_MEMBER, "_samr_del_aliasmem"))) {
                return r_u->status;
        }
        
@@ -3520,7 +3520,7 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
        if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) 
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_ADD_MEMBER, "_samr_add_groupmem"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_ADD_MEMBER, "_samr_add_groupmem"))) {
                return r_u->status;
        }
 
@@ -3612,7 +3612,7 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
        if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) 
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_REMOVE_MEMBER, "_samr_del_groupmem"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_REMOVE_MEMBER, "_samr_del_groupmem"))) {
                return r_u->status;
        }
                
@@ -3692,7 +3692,7 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
        if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &user_sid, &acc_granted)) 
                return NT_STATUS_INVALID_HANDLE;
                
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DELETE_ACCESS, "_samr_delete_dom_user"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_user"))) {
                return r_u->status;
        }
                
@@ -3751,7 +3751,7 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
        if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted)) 
                return NT_STATUS_INVALID_HANDLE;
                
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DELETE_ACCESS, "_samr_delete_dom_group"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_group"))) {
                return r_u->status;
        }
                
@@ -3813,7 +3813,7 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S
        if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) 
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DELETE_ACCESS, "_samr_delete_dom_alias"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_alias"))) {
                return r_u->status;
        }
                
@@ -3876,7 +3876,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
        if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid, &acc_granted)) 
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_CREATE_GROUP, "_samr_create_dom_group"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, "_samr_create_dom_group"))) {
                return r_u->status;
        }
                
@@ -3941,7 +3941,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
        if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted)) 
                return NT_STATUS_INVALID_HANDLE;
                
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_CREATE_ALIAS, "_samr_create_alias"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_create_alias"))) {
                return r_u->status;
        }
                
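Review bot: The label passed to `access_check_samr_function` here is `"_samr_create_alias"`, but the enclosing function is `_samr_create_dom_alias`; most of the other handlers in these hunks pass their own name. The string is presumably what appears in the debug output for a denied request, so a wrong name sends whoever reads the log looking for a function that does not exist. Suggested: `access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_create_dom_alias")`. The `_api_samr_open_user`, `_api_samr_create_user` and `_api_samr_open_alias` hunks similarly pass labels without the `_api` prefix, which may be deliberate.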
@@ -4003,7 +4003,7 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM
        if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) 
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_LOOKUP_INFO, "_samr_query_groupinfo"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_LOOKUP_INFO, "_samr_query_groupinfo"))) {
                return r_u->status;
        }
                
@@ -4055,7 +4055,7 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_
        if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted))
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_SET_INFO, "_samr_set_groupinfo"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_SET_INFO, "_samr_set_groupinfo"))) {
                return r_u->status;
        }
                
@@ -4102,7 +4102,7 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
        if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid, &acc_granted))
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_SET_INFO, "_samr_set_aliasinfo"))) {
+       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_SET_INFO, "_samr_set_aliasinfo"))) {
                return r_u->status;
        }
                
@@ -4171,7 +4171,7 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
        if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid, &acc_granted)) 
                return NT_STATUS_INVALID_HANDLE;
        
-       if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_OPEN_ACCOUNT, "_samr_open_group"))) {
+       if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_group"))) {
                return status;
        }
                
index 4f5e565d2e0e5b5c9341bcb5498f9ef04704c9b2..d08df42122de12f2118c80e376a3f5a023af565f 100644 (file)
@@ -639,7 +639,7 @@ NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *acces
                return nt_status;
        }
 
-       if (!se_access_check(sd, access_token, SAMR_ACCESS_ENUM_DOMAINS, &acc_granted, &nt_status)) {
+       if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) {
                DEBUG(3,("sam_enum_domains: ACCESS DENIED\n"));
                        return nt_status;
        }
@@ -699,7 +699,7 @@ NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *acce
                return nt_status;
        }
 
-       if (!se_access_check(sd, access_token, SAMR_ACCESS_OPEN_DOMAIN, &acc_granted, &nt_status)) {
+       if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) {
                DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n"));
                        return nt_status;
        }
index 06538797e2f0ad59c95db0a8d925a27058cd17e9..ae1e8dbbac5766717411cc39e965ad223505c174 100644 (file)
@@ -2014,7 +2014,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
        };
        
        /* SamrConnect */
-       nt_status = cli_samr_connect(cli, mem_ctx, SAMR_ACCESS_OPEN_DOMAIN,
+       nt_status = cli_samr_connect(cli, mem_ctx, SA_RIGHT_SAM_OPEN_DOMAIN,
                                                                 &connect_hnd);
        if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
@@ -2025,7 +2025,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
        /* SamrOpenDomain - we have to open domain policy handle in order to be
           able to enumerate accounts*/
        nt_status = cli_samr_open_domain(cli, mem_ctx, &connect_hnd,
-                                                                        DOMAIN_ACCESS_ENUM_ACCOUNTS,
+                                                                        SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
                                                                         &queried_dom_sid, &domain_hnd);                                                                         
        if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(0, ("Couldn't open domain object. Error was %s\n",