The branch, master has been updated via 614e010... s3: remove authdata.h via 4b342b7... s3-build: pure cosmetics, use better names for gen_ndr code pieces. via 84a8f04... s3-build: only include generated spoolss headers (not ndr headers). via ce85181... s3: remove rpc_secdes.h completely. via b6a2cea... s3-security: use shared "Standard access rights.". via 102b0cf... security: move generic_mapping and standard_mapping to security.idl. via b5c2af9... s3-security: use shared "File Object specific access rights". via 37b978c... s3-security: use shared "Generic access rights". via 2794d2e... s3-security: use shared Security Access Masks Rights. via 5cf3b0b... s3-security: move ALL_SECURITY_INFORMATION to the only user. via 1bed525... s3-security: remove duplicate Extra W2K flags. via a75436e... s3-security: use shared SECINFO_DACL define. via e24a59f... s3-security: use shared SECINFO_SACL define. via 630c27b... s3-security: use shared SECINFO_GROUP define. via 415d3d5... s3-security: use shared SECINFO_OWNER define. via 788d7f9... s3-security: remove some more shared secdesc defines. from cb1590e... Ensure we remove SMB2 cancel requests from the active queue now we don't remove them in the talloc destructor.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 614e010daad98081bb7bd03289e9350a49ad81ce Author: Günther Deschner <g...@samba.org> Date: Thu Jun 3 01:45:01 2010 +0200 s3: remove authdata.h Guenther commit 4b342b73a6706eb6ce4b7e20d273b53583a64358 Author: Günther Deschner <g...@samba.org> Date: Thu Jun 3 10:25:32 2010 +0200 s3-build: pure cosmetics, use better names for gen_ndr code pieces. Guenther commit 84a8f0451d618ad05d451714f309ed3ab4acf57e Author: Günther Deschner <g...@samba.org> Date: Thu Jun 3 09:57:50 2010 +0200 s3-build: only include generated spoolss headers (not ndr headers). Guenther commit ce851814305d618b20799f00de3b7e11fcd5c954 Author: Günther Deschner <g...@samba.org> Date: Thu Jun 3 10:49:34 2010 +0200 s3: remove rpc_secdes.h completely. Guenther commit b6a2cea74d90499bd3e239ab696502ae8afed30e Author: Günther Deschner <g...@samba.org> Date: Thu Jun 3 10:36:05 2010 +0200 s3-security: use shared "Standard access rights.". Guenther commit 102b0cfe62c6486846cdfb4938a83e2be4aad912 Author: Günther Deschner <g...@samba.org> Date: Thu Jun 3 01:27:50 2010 +0200 security: move generic_mapping and standard_mapping to security.idl. Guenther commit b5c2af94475337b4769dc464a695ee29bc5e87c7 Author: Günther Deschner <g...@samba.org> Date: Wed Jun 2 23:57:09 2010 +0200 s3-security: use shared "File Object specific access rights". Guenther commit 37b978c343b5727c7257d7a0a574ba82bb0c9c0f Author: Günther Deschner <g...@samba.org> Date: Wed Jun 2 23:48:15 2010 +0200 s3-security: use shared "Generic access rights". Guenther commit 2794d2ee7f8e088060e4b86532176673cf7c2580 Author: Günther Deschner <g...@samba.org> Date: Wed Jun 2 23:45:44 2010 +0200 s3-security: use shared Security Access Masks Rights. 
Guenther commit 5cf3b0bba4b45096390fb4bcfb3ad07704d56880 Author: Günther Deschner <g...@samba.org> Date: Wed Jun 2 23:45:14 2010 +0200 s3-security: move ALL_SECURITY_INFORMATION to the only user. Guenther commit 1bed5254d9ee28d1efc98f32f5a407ae4359803d Author: Günther Deschner <g...@samba.org> Date: Wed Jun 2 23:39:05 2010 +0200 s3-security: remove duplicate Extra W2K flags. Guenther commit a75436e3ee11fa1491bfa574523269be716fc892 Author: Günther Deschner <g...@samba.org> Date: Wed Jun 2 23:35:44 2010 +0200 s3-security: use shared SECINFO_DACL define. Guenther commit e24a59f932897888cadae31469366663aca1a414 Author: Günther Deschner <g...@samba.org> Date: Wed Jun 2 23:29:16 2010 +0200 s3-security: use shared SECINFO_SACL define. Guenther commit 630c27bdad32086f16dbafdeab94d34fbc3b9b5e Author: Günther Deschner <g...@samba.org> Date: Wed Jun 2 23:25:18 2010 +0200 s3-security: use shared SECINFO_GROUP define. Guenther commit 415d3d5fe7637e8f9a649665497d3972391750b6 Author: Günther Deschner <g...@samba.org> Date: Wed Jun 2 23:22:12 2010 +0200 s3-security: use shared SECINFO_OWNER define. Guenther commit 788d7f9e4ae76105ee481bde42e2ddb8fdac2617 Author: Günther Deschner <g...@samba.org> Date: Wed Jun 2 23:16:32 2010 +0200 s3-security: remove some more shared secdesc defines. 
Guenther ----------------------------------------------------------------------- Summary of changes: libgpo/gpo_ldap.c | 2 +- librpc/idl/security.idl | 18 ++++ source3/Makefile.in | 14 ++-- source3/include/authdata.h | 36 -------- source3/include/includes.h | 1 - source3/include/proto.h | 2 - source3/include/rpc_secdes.h | 149 ------------------------------- source3/include/smb.h | 3 +- source3/lib/netapi/localgroup.c | 2 +- source3/lib/netapi/user.c | 4 +- source3/lib/secdesc.c | 15 +++- source3/libads/authdata.c | 1 - source3/libads/disp_sec.c | 3 + source3/libsmb/clikrb5.c | 9 ++- source3/libsmb/clisecdesc.c | 6 +- source3/modules/nfs4_acls.c | 12 ++-- source3/modules/onefs_acl.c | 24 +++--- source3/modules/vfs_acl_common.c | 64 +++++++------- source3/modules/vfs_afsacl.c | 10 +- source3/registry/reg_backend_printing.c | 1 + source3/rpc_client/init_spoolss.c | 1 + source3/rpc_server/srv_eventlog_nt.c | 4 +- source3/rpc_server/srv_lsa_nt.c | 4 +- source3/rpc_server/srv_samr_nt.c | 16 ++-- source3/rpc_server/srv_spoolss_nt.c | 4 +- source3/rpc_server/srv_spoolss_util.c | 1 + source3/rpc_server/srv_srvsvc_nt.c | 14 ++-- source3/rpc_server/srv_svcctl_nt.c | 18 ++-- source3/rpc_server/srv_winreg_nt.c | 4 +- source3/rpcclient/cmd_lsarpc.c | 2 +- source3/rpcclient/cmd_samr.c | 2 +- source3/smbd/file_access.c | 8 +- source3/smbd/nttrans.c | 8 +- source3/smbd/open.c | 20 ++-- source3/smbd/posix_acls.c | 26 +++--- source3/smbd/reply.c | 2 +- source3/utils/net_ads_gpo.c | 2 +- source3/wscript_build | 12 +-- 38 files changed, 185 insertions(+), 339 deletions(-) delete mode 100644 source3/include/authdata.h delete mode 100644 source3/include/rpc_secdes.h Changeset truncated at 500 lines: diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c index 66e90fb..367756d 100644 --- a/libgpo/gpo_ldap.c +++ b/libgpo/gpo_ldap.c 
@@ -485,7 +485,7 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads, "ntSecurityDescriptor", "versionNumber", NULL}; - uint32_t sd_flags = DACL_SECURITY_INFORMATION; + uint32_t sd_flags = SECINFO_DACL; ZERO_STRUCTP(gpo); diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index fb1dc0d..7f9e7db 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -519,4 +519,22 @@ interface security const string GUID_DRS_MONITOR_TOPOLOGY = "f98340fb-7c5b-4cdb-a00b-2ebdfa115a96"; const string GUID_DRS_REPL_SYNCRONIZE = "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2"; const string GUID_DRS_RO_REPL_SECRET_SYNC = "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2"; + + + /* A type to describe the mapping of generic access rights to object + specific access rights. */ + + typedef struct { + uint32 generic_read; + uint32 generic_write; + uint32 generic_execute; + uint32 generic_all; + } generic_mapping; + + typedef struct { + uint32 std_read; + uint32 std_write; + uint32 std_execute; + uint32 std_all; + } standard_mapping; } diff --git a/source3/Makefile.in b/source3/Makefile.in index c33bf27..89f7073 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -319,10 +319,10 @@ RPCCLIENT_NDR_OBJ = rpc_client/ndr.o LIBNDR_GEN_OBJ0 = librpc/gen_ndr/ndr_samr.o \ librpc/gen_ndr/ndr_lsa.o -LIBNDR_GEN_OBJ1 = librpc/gen_ndr/ndr_netlogon.o \ +LIBNDR_NETLOGON_OBJ = librpc/gen_ndr/ndr_netlogon.o \ ../librpc/ndr/ndr_netlogon.o -LIBNDR_GEN_OBJ2 = librpc/gen_ndr/ndr_spoolss.o \ +LIBNDR_SPOOLSS_OBJ = librpc/gen_ndr/ndr_spoolss.o \ ../librpc/ndr/ndr_spoolss_buf.o LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \ @@ -333,7 +333,7 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \ librpc/gen_ndr/ndr_initshutdown.o \ librpc/gen_ndr/ndr_srvsvc.o \ librpc/gen_ndr/ndr_eventlog.o \ - $(LIBNDR_GEN_OBJ1) \ + $(LIBNDR_NETLOGON_OBJ) \ librpc/gen_ndr/ndr_dssetup.o \ librpc/gen_ndr/ndr_notify.o \ librpc/gen_ndr/ndr_xattr.o \ 
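Review bot: In the librpc/idl/security.idl hunk, the comment moved over from rpc_secdes.h describes only `generic_mapping`; `standard_mapping` follows it with no description of its own. Both structs are now generated from the shared IDL rather than declared in a source3-private header, so the header produced from it is the only place a reader will look for their meaning. I would add a separate comment before the second typedef, for example `/* A type to describe the mapping of standard access rights to object specific access rights. */`. That wording is inferred from the field names and should be confirmed against the code that consumes the struct.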
@@ -341,13 +341,11 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \ librpc/gen_ndr/ndr_epmapper.o \ librpc/gen_ndr/ndr_named_pipe_auth.o \ librpc/gen_ndr/ndr_ntsvcs.o \ - $(LIBNDR_GEN_OBJ2) - -RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o + $(LIBNDR_SPOOLSS_OBJ) # this includes only the low level parse code, not stuff # that requires knowledge of security contexts -RPC_PARSE_OBJ1 = $(RPC_PARSE_OBJ0) +RPC_PARSE_OBJ1 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o \ rpc_client/init_netlogon.o \ @@ -1311,7 +1309,7 @@ NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \ $(PASSDB_OBJ) $(LIBTSOCKET_OBJ) $(GROUPDB_OBJ) \ $(SMBLDAP_OBJ) $(LIBNMB_OBJ) \ $(WBCOMMON_OBJ) \ - $(LIBNDR_GEN_OBJ0) $(LIBNDR_GEN_OBJ1) @BUILD_INIPARSER@ + $(LIBNDR_GEN_OBJ0) $(LIBNDR_NETLOGON_OBJ) @BUILD_INIPARSER@ VLP_OBJ = printing/tests/vlp.o \ diff --git a/source3/include/authdata.h b/source3/include/authdata.h deleted file mode 100644 index f9578aa..0000000 --- a/source3/include/authdata.h +++ /dev/null 
@@ -1,36 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Kerberos authorization data - Copyright (C) Jim McDonough <j...@us.ibm.com> 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#ifndef _AUTHDATA_H -#define _AUTHDATA_H - -#define PAC_TYPE_LOGON_INFO 1 -#define PAC_TYPE_SERVER_CHECKSUM 6 -#define PAC_TYPE_PRIVSVR_CHECKSUM 7 -#define PAC_TYPE_LOGON_NAME 10 - -#ifndef KRB5_AUTHDATA_WIN2K_PAC -#define KRB5_AUTHDATA_WIN2K_PAC 128 -#endif - -#ifndef KRB5_AUTHDATA_IF_RELEVANT -#define KRB5_AUTHDATA_IF_RELEVANT 1 -#endif - -#endif diff --git a/source3/include/includes.h b/source3/include/includes.h index de1d419..02a8494 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -649,7 +649,6 @@ extern void *cmdline_lp_ctx; #include "rpc_dce.h" #include "mapping.h" #include "passdb.h" -#include "rpc_secdes.h" #include "msdfs.h" struct ntlmssp_state; diff --git a/source3/include/proto.h b/source3/include/proto.h index 5d8a997..590f3fb 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -2046,8 +2046,6 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, char **returned_principal); -#include "librpc/gen_ndr/ndr_spoolss.h" - /* The following definitions come from librpc/ndr/util.c */ enum ndr_err_code ndr_push_server_id(struct ndr_push *ndr, int ndr_flags, const struct server_id *r); diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h deleted file mode 100644 index e21767e..0000000 --- a/source3/include/rpc_secdes.h +++ /dev/null 
@@ -1,149 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SMB parameters and setup - Copyright (C) Andrew Tridgell 1992-2000 - Copyright (C) Luke Kenneth Casson Leighton 1996-2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#ifndef _RPC_SECDES_H /* _RPC_SECDES_H */ -#define _RPC_SECDES_H - -/* for ADS */ -#define SEC_RIGHTS_FULL_CTRL 0xf01ff - -/* - * New Windows 2000 bits. - */ -#define SE_DESC_DACL_AUTO_INHERIT_REQ 0x0100 -#define SE_DESC_SACL_AUTO_INHERIT_REQ 0x0200 -#define SE_DESC_DACL_AUTO_INHERITED 0x0400 -#define SE_DESC_SACL_AUTO_INHERITED 0x0800 -#define SE_DESC_DACL_PROTECTED 0x1000 -#define SE_DESC_SACL_PROTECTED 0x2000 - -/* security information */ -#define OWNER_SECURITY_INFORMATION 0x00000001 -#define GROUP_SECURITY_INFORMATION 0x00000002 -#define DACL_SECURITY_INFORMATION 0x00000004 -#define SACL_SECURITY_INFORMATION 0x00000008 -/* Extra W2K flags. 
*/ -#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000 -#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000 -#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000 -#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000 - -#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\ - DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\ - UNPROTECTED_SACL_SECURITY_INFORMATION|\ - UNPROTECTED_DACL_SECURITY_INFORMATION|\ - PROTECTED_SACL_SECURITY_INFORMATION|\ - PROTECTED_DACL_SECURITY_INFORMATION) - -/* A type to describe the mapping of generic access rights to object - specific access rights. */ - -struct generic_mapping { - uint32 generic_read; - uint32 generic_write; - uint32 generic_execute; - uint32 generic_all; -}; - -struct standard_mapping { - uint32 std_read; - uint32 std_write; - uint32 std_execute; - uint32 std_all; -}; - - -/* Security Access Masks Rights */ - -#define SPECIFIC_RIGHTS_MASK 0x0000FFFF -#define STANDARD_RIGHTS_MASK 0x00FF0000 -#define GENERIC_RIGHTS_MASK 0xF0000000 - -/* Generic access rights */ - -#define GENERIC_RIGHT_ALL_ACCESS 0x10000000 -#define GENERIC_RIGHT_EXECUTE_ACCESS 0x20000000 -#define GENERIC_RIGHT_WRITE_ACCESS 0x40000000 -#define GENERIC_RIGHT_READ_ACCESS 0x80000000 - -/* Standard access rights. 
*/ - -#define STD_RIGHT_DELETE_ACCESS 0x00010000 -#define STD_RIGHT_READ_CONTROL_ACCESS 0x00020000 -#define STD_RIGHT_WRITE_DAC_ACCESS 0x00040000 -#define STD_RIGHT_WRITE_OWNER_ACCESS 0x00080000 -#define STD_RIGHT_SYNCHRONIZE_ACCESS 0x00100000 - -#define STD_RIGHT_ALL_ACCESS 0x001F0000 - -/* File Object specific access rights */ - -#define SA_RIGHT_FILE_READ_DATA 0x00000001 -#define SA_RIGHT_FILE_WRITE_DATA 0x00000002 -#define SA_RIGHT_FILE_APPEND_DATA 0x00000004 -#define SA_RIGHT_FILE_READ_EA 0x00000008 -#define SA_RIGHT_FILE_WRITE_EA 0x00000010 -#define SA_RIGHT_FILE_EXECUTE 0x00000020 -#define SA_RIGHT_FILE_DELETE_CHILD 0x00000040 -#define SA_RIGHT_FILE_READ_ATTRIBUTES 0x00000080 -#define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x00000100 - -#define SA_RIGHT_FILE_ALL_ACCESS 0x000001FF - -#define GENERIC_RIGHTS_FILE_ALL_ACCESS \ - (STANDARD_RIGHTS_REQUIRED_ACCESS| \ - STD_RIGHT_SYNCHRONIZE_ACCESS | \ - SA_RIGHT_FILE_ALL_ACCESS) - -#define GENERIC_RIGHTS_FILE_READ \ - (STANDARD_RIGHTS_READ_ACCESS | \ - STD_RIGHT_SYNCHRONIZE_ACCESS | \ - SA_RIGHT_FILE_READ_DATA | \ - SA_RIGHT_FILE_READ_ATTRIBUTES | \ - SA_RIGHT_FILE_READ_EA) - -#define GENERIC_RIGHTS_FILE_WRITE \ - (STANDARD_RIGHTS_WRITE_ACCESS | \ - STD_RIGHT_SYNCHRONIZE_ACCESS | \ - SA_RIGHT_FILE_WRITE_DATA | \ - SA_RIGHT_FILE_WRITE_ATTRIBUTES | \ - SA_RIGHT_FILE_WRITE_EA | \ - SA_RIGHT_FILE_APPEND_DATA) - -#define GENERIC_RIGHTS_FILE_EXECUTE \ - (STANDARD_RIGHTS_EXECUTE_ACCESS | \ - STD_RIGHT_SYNCHRONIZE_ACCESS | \ - SA_RIGHT_FILE_READ_ATTRIBUTES | \ - SA_RIGHT_FILE_EXECUTE) - -#define GENERIC_RIGHTS_FILE_MODIFY \ - (STANDARD_RIGHTS_MODIFY_ACCESS | \ - STD_RIGHT_SYNCHRONIZE_ACCESS | \ - STD_RIGHT_DELETE_ACCESS | \ - SA_RIGHT_FILE_WRITE_ATTRIBUTES | \ - SA_RIGHT_FILE_READ_ATTRIBUTES | \ - SA_RIGHT_FILE_EXECUTE | \ - SA_RIGHT_FILE_WRITE_EA | \ - SA_RIGHT_FILE_READ_EA | \ - SA_RIGHT_FILE_APPEND_DATA | \ - SA_RIGHT_FILE_WRITE_DATA | \ - SA_RIGHT_FILE_READ_DATA) - -#endif /* _RPC_SECDES_H */ 
diff --git a/source3/include/smb.h b/source3/include/smb.h index 89b3572..d20a04e 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -201,6 +201,7 @@ typedef union unid_t { #include "librpc/gen_ndr/epmapper.h" #include "librpc/gen_ndr/krb5pac.h" #include "librpc/gen_ndr/dcerpc.h" +#include "librpc/gen_ndr/spoolss.h" struct lsa_dom_info { bool valid; @@ -1234,7 +1235,7 @@ struct bitmap { SYNCHRONIZE_ACCESS) /* This maps to 0x120116 */ -#define FILE_GENERIC_WRITE (STD_RIGHT_READ_CONTROL_ACCESS|\ +#define FILE_GENERIC_WRITE (SEC_STD_READ_CONTROL|\ FILE_WRITE_DATA|\ FILE_WRITE_ATTRIBUTES|\ FILE_WRITE_EA|\ diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c index dd0f8d2..f883232 100644 --- a/source3/lib/netapi/localgroup.c +++ b/source3/lib/netapi/localgroup.c @@ -934,7 +934,7 @@ static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX *mem_ctx, status = rpccli_lsa_open_policy2(lsa_pipe, mem_ctx, false, - STD_RIGHT_READ_CONTROL_ACCESS | + SEC_STD_READ_CONTROL | LSA_POLICY_VIEW_LOCAL_INFORMATION | LSA_POLICY_LOOKUP_NAMES, &lsa_handle); diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c index e291193..c586d11 100644 --- a/source3/lib/netapi/user.c +++ b/source3/lib/netapi/user.c @@ -1770,8 +1770,8 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx, SAMR_USER_ACCESS_GET_GROUPS; break; case 3: - user_mask = STD_RIGHT_READ_CONTROL_ACCESS | - STD_RIGHT_WRITE_DAC_ACCESS | + user_mask = SEC_STD_READ_CONTROL | + SEC_STD_WRITE_DAC | SAMR_USER_ACCESS_GET_GROUPS | SAMR_USER_ACCESS_SET_PASSWORD | SAMR_USER_ACCESS_SET_ATTRIBUTES | diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index fc40b9e..b9ed955 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c 
@@ -23,6 +23,13 @@ #include "includes.h" #include "../librpc/gen_ndr/ndr_security.h" +#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\ + SECINFO_DACL|SECINFO_SACL|\ + SECINFO_UNPROTECTED_SACL|\ + SECINFO_UNPROTECTED_DACL|\ + SECINFO_PROTECTED_SACL|\ + SECINFO_PROTECTED_DACL) + /* Map generic permissions to file object specific permissions */ const struct generic_mapping file_generic_mapping = { @@ -43,16 +50,16 @@ uint32_t get_sec_info(const struct security_descriptor *sd) SMB_ASSERT(sd); if (sd->owner_sid == NULL) { - sec_info &= ~OWNER_SECURITY_INFORMATION; + sec_info &= ~SECINFO_OWNER; } if (sd->group_sid == NULL) { - sec_info &= ~GROUP_SECURITY_INFORMATION; + sec_info &= ~SECINFO_GROUP; } if (sd->sacl == NULL) { - sec_info &= ~SACL_SECURITY_INFORMATION; + sec_info &= ~SECINFO_SACL; } if (sd->dacl == NULL) { - sec_info &= ~DACL_SECURITY_INFORMATION; + sec_info &= ~SECINFO_DACL; } return sec_info; diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index f76f6df..305b607 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -25,7 +25,6 @@ #include "includes.h" #include "librpc/gen_ndr/ndr_krb5pac.h" #include "smb_krb5.h" -#include "authdata.h" #ifdef HAVE_KRB5 diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index ad07ffc..89baaf2 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -19,6 +19,9 @@ #include "includes.h" +/* for ADS */ +#define SEC_RIGHTS_FULL_CTRL 0xf01ff + #ifdef HAVE_LDAP static struct perm_mask_str { diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 04c9bbf..098d633 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c 
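Review bot: In the source3/lib/secdesc.c hunks, `ALL_SECURITY_INFORMATION` becomes file-private without a comment, and the visible part of `get_sec_info()` only ever clears the OWNER, GROUP, SACL and DACL bits. If `sec_info` starts from this macro (the initializer is outside the hunk), the returned mask always carries all four of `SECINFO_PROTECTED_*` and `SECINFO_UNPROTECTED_*`, including the contradictory protected/unprotected pairs. Any caller that forwards that value as the security information of a set request would need to mask them off. Please document this next to the define, e.g. `/* Starting mask for get_sec_info(); the PROTECTED/UNPROTECTED bits are never cleared there, so callers must not treat them as a statement about the descriptor. */`. The body of `get_sec_info()` begins before the second hunk.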
@@ -20,9 +20,16 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#ifndef KRB5_AUTHDATA_WIN2K_PAC +#define KRB5_AUTHDATA_WIN2K_PAC 128 +#endif + +#ifndef KRB5_AUTHDATA_IF_RELEVANT +#define KRB5_AUTHDATA_IF_RELEVANT 1 +#endif + #include "includes.h" #include "smb_krb5.h" -#include "authdata.h" #ifdef HAVE_KRB5 diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c index b6eff39..1fc3da0 100644 --- a/source3/libsmb/clisecdesc.c +++ b/source3/libsmb/clisecdesc.c @@ -91,11 +91,11 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr SIVAL(param, 0, fnum); if (sd->dacl) - sec_info |= DACL_SECURITY_INFORMATION; + sec_info |= SECINFO_DACL; if (sd->owner_sid) - sec_info |= OWNER_SECURITY_INFORMATION; + sec_info |= SECINFO_OWNER; if (sd->group_sid) - sec_info |= GROUP_SECURITY_INFORMATION; + sec_info |= SECINFO_GROUP; SSVAL(param, 4, sec_info); if (!cli_send_nt_trans(cli, diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 875f18c..83e8f38 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -322,8 +322,8 @@ static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf, DEBUG(10,("after make sec_acl\n")); *ppdesc = make_sec_desc(mem_ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE, - (security_info & OWNER_SECURITY_INFORMATION) ? &sid_owner : NULL, - (security_info & GROUP_SECURITY_INFORMATION) ? &sid_group : NULL, + (security_info & SECINFO_OWNER) ? &sid_owner : NULL, + (security_info & SECINFO_GROUP) ? &sid_group : NULL, NULL, psa, &sd_size); if (*ppdesc==NULL) { DEBUG(2,("make_sec_desc failed\n")); 
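Review bot: In the source3/libsmb/clikrb5.c hunk, the fallback definitions of `KRB5_AUTHDATA_WIN2K_PAC` and `KRB5_AUTHDATA_IF_RELEVANT` are placed above `#include "includes.h"`, so the `#ifndef` guards are evaluated before any Kerberos header has been seen and are always true. In authdata.h these guards ran after the krb5 headers had been pulled in, so they only filled in values the library did not provide. With the new order, a library header that defines the same names as macros gets a redefinition. One that declares them as enumerators would have the enumerator name replaced by the literal, which presumably does not compile. Moving both guarded blocks below `#include "smb_krb5.h"` restores the old behaviour.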
@@ -553,7 +553,7 @@ static bool smbacl4_fill_ace4( ace_v4->aceType = ace_nt->type; /* only ACCESS|DENY supported right now */ ace_v4->aceFlags = ace_nt->flags & SEC_ACE_FLAG_VALID_INHERIT; ace_v4->aceMask = ace_nt->access_mask & - (STD_RIGHT_ALL_ACCESS | SA_RIGHT_FILE_ALL_ACCESS); + (SEC_STD_ALL | SEC_FILE_ALL); se_map_generic(&ace_v4->aceMask, &file_generic_mapping); @@ -734,8 +734,8 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp, DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp))); - if ((security_info_sent & (DACL_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION)) == 0) + if ((security_info_sent & (SECINFO_DACL | + SECINFO_GROUP | SECINFO_OWNER)) == 0) -- Samba Shared Repository
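Review bot: In `smbacl4_fill_ace4()`, the access mask is reduced to `SEC_STD_ALL | SEC_FILE_ALL` before `se_map_generic()` is called on it. The generic bits (the 0xF0000000 range in the removed rpc_secdes.h) are therefore already gone, and the mapping call on the next line appears to have nothing left to map. For an allow ACE that only loses access, but a deny ACE expressed with generic rights would be translated into an NFSv4 ACE that denies nothing. The rename itself preserves the values, so this predates the commit, but it is worth fixing while the line is touched. Map on a copy first and mask afterwards: `uint32_t mask = ace_nt->access_mask;`, `se_map_generic(&mask, &file_generic_mapping);`, `ace_v4->aceMask = mask & (SEC_STD_ALL | SEC_FILE_ALL);`. The function body starts and ends outside the hunk, so confirm that callers have not already mapped generic rights.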