svn commit: samba r10223 - in trunk/source: include rpc_server
jerry at samba.org
jerry at samba.org
Wed Sep 14 13:59:09 GMT 2005
Author: jerry
Date: 2005-09-14 13:59:09 +0000 (Wed, 14 Sep 2005)
New Revision: 10223
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10223
Log:
* map generic bits for scm and service access masks
Needed by srvmgr.exe
Modified:
trunk/source/include/rpc_secdes.h
trunk/source/rpc_server/srv_svcctl_nt.c
Changeset:
Modified: trunk/source/include/rpc_secdes.h
===================================================================
--- trunk/source/include/rpc_secdes.h 2005-09-14 12:53:18 UTC (rev 10222)
+++ trunk/source/include/rpc_secdes.h 2005-09-14 13:59:09 UTC (rev 10223)
@@ -481,13 +481,16 @@
SC_RIGHT_MGR_ENUMERATE_SERVICE | \
SC_RIGHT_MGR_QUERY_LOCK_STATUS )
-#define SC_MANAGER_ALL_ACCESS \
+#define SC_MANAGER_EXECUTE_ACCESS SC_MANAGER_READ_ACCESS
+
+#define SC_MANAGER_WRITE_ACCESS \
( STANDARD_RIGHTS_REQUIRED_ACCESS | \
SC_MANAGER_READ_ACCESS | \
SC_RIGHT_MGR_CREATE_SERVICE | \
SC_RIGHT_MGR_LOCK | \
SC_RIGHT_MGR_MODIFY_BOOT_CONFIG )
+#define SC_MANAGER_ALL_ACCESS SC_MANAGER_WRITE_ACCESS
/* Service Object Bits */
@@ -515,12 +518,14 @@
SC_RIGHT_SVC_STOP | \
SC_RIGHT_SVC_PAUSE_CONTINUE )
-#define SERVICE_ALL_ACCESS \
+#define SERVICE_WRITE_ACCESS \
( STANDARD_RIGHTS_REQUIRED_ACCESS | \
SERVICE_READ_ACCESS | \
SERVICE_EXECUTE_ACCESS | \
SC_RIGHT_SVC_CHANGE_CONFIG )
+#define SERVICE_ALL_ACCESS SERVICE_WRITE_ACCESS
+
/*
Modified: trunk/source/rpc_server/srv_svcctl_nt.c
===================================================================
--- trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-14 12:53:18 UTC (rev 10222)
+++ trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-14 13:59:09 UTC (rev 10223)
@@ -39,7 +39,12 @@
struct service_control_op *svcctl_ops;
+static struct generic_mapping scm_generic_map =
+ { SC_MANAGER_READ_ACCESS, SC_MANAGER_WRITE_ACCESS, SC_MANAGER_EXECUTE_ACCESS, SC_MANAGER_ALL_ACCESS };
+static struct generic_mapping svc_generic_map =
+ { SERVICE_READ_ACCESS, SERVICE_WRITE_ACCESS, SERVICE_EXECUTE_ACCESS, SERVICE_ALL_ACCESS };
+
/********************************************************************
********************************************************************/
@@ -247,6 +252,7 @@
if ( !(sec_desc = construct_scm_sd( p->mem_ctx )) )
return WERR_NOMEM;
+ se_map_generic( &q_u->access, &scm_generic_map );
status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
@@ -280,6 +286,7 @@
if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, service, get_root_nt_token() )) )
return WERR_NOMEM;
+ se_map_generic( &q_u->access, &svc_generic_map );
status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
More information about the samba-cvs
mailing list