Author: jerry Date: 2005-09-14 13:59:09 +0000 (Wed, 14 Sep 2005) New Revision: 10223
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10223 Log: * map generic bits for scm and service access masks Needed by srvmgr.exe Modified: trunk/source/include/rpc_secdes.h trunk/source/rpc_server/srv_svcctl_nt.c Changeset: Modified: trunk/source/include/rpc_secdes.h =================================================================== --- trunk/source/include/rpc_secdes.h 2005-09-14 12:53:18 UTC (rev 10222) +++ trunk/source/include/rpc_secdes.h 2005-09-14 13:59:09 UTC (rev 10223) @@ -481,13 +481,16 @@ SC_RIGHT_MGR_ENUMERATE_SERVICE | \ SC_RIGHT_MGR_QUERY_LOCK_STATUS ) -#define SC_MANAGER_ALL_ACCESS \ +#define SC_MANAGER_EXECUTE_ACCESS SC_MANAGER_READ_ACCESS + +#define SC_MANAGER_WRITE_ACCESS \ ( STANDARD_RIGHTS_REQUIRED_ACCESS | \ SC_MANAGER_READ_ACCESS | \ SC_RIGHT_MGR_CREATE_SERVICE | \ SC_RIGHT_MGR_LOCK | \ SC_RIGHT_MGR_MODIFY_BOOT_CONFIG ) +#define SC_MANAGER_ALL_ACCESS SC_MANAGER_WRITE_ACCESS /* Service Object Bits */ @@ -515,12 +518,14 @@ SC_RIGHT_SVC_STOP | \ SC_RIGHT_SVC_PAUSE_CONTINUE ) -#define SERVICE_ALL_ACCESS \ +#define SERVICE_WRITE_ACCESS \ ( STANDARD_RIGHTS_REQUIRED_ACCESS | \ SERVICE_READ_ACCESS | \ SERVICE_EXECUTE_ACCESS | \ SC_RIGHT_SVC_CHANGE_CONFIG ) +#define SERVICE_ALL_ACCESS SERVICE_WRITE_ACCESS + /* Modified: trunk/source/rpc_server/srv_svcctl_nt.c =================================================================== --- trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-14 12:53:18 UTC (rev 10222) +++ trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-14 13:59:09 UTC (rev 10223) @@ -39,7 +39,12 @@ struct service_control_op *svcctl_ops; +static struct generic_mapping scm_generic_map = + { SC_MANAGER_READ_ACCESS, SC_MANAGER_WRITE_ACCESS, SC_MANAGER_EXECUTE_ACCESS, SC_MANAGER_ALL_ACCESS }; +static struct generic_mapping svc_generic_map = + { SERVICE_READ_ACCESS, SERVICE_WRITE_ACCESS, SERVICE_EXECUTE_ACCESS, SERVICE_ALL_ACCESS }; + /******************************************************************** ********************************************************************/ @@ -247,6 +252,7 @@ if ( !(sec_desc = construct_scm_sd( p->mem_ctx )) ) return WERR_NOMEM; + se_map_generic( &q_u->access, &scm_generic_map ); status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted ); if ( !NT_STATUS_IS_OK(status) ) return ntstatus_to_werror( status ); @@ -280,6 +286,7 @@ if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, service, get_root_nt_token() )) ) return WERR_NOMEM; + se_map_generic( &q_u->access, &svc_generic_map ); status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted ); if ( !NT_STATUS_IS_OK(status) ) return ntstatus_to_werror( status );