[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2543-g58cca9f

Günther Deschner gd at samba.org
Wed Feb 27 15:02:03 GMT 2008


The branch, v3-2-test has been updated
       via  58cca9faf9db506bd2f6eab4a99ef85153797ab2 (commit)
       via  01cdb071af7bc677450e511ebc7ef2036e9510e4 (commit)
       via  2b28ca34a1aad151ad712e5ecbb2a77c66d2b671 (commit)
       via  5fad28beec7eacd32f434a3bbfcaeb41640dfd22 (commit)
      from  18233fb9d6dfbeee68c26c6a7449c292cc669550 (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 58cca9faf9db506bd2f6eab4a99ef85153797ab2
Author: Günther Deschner <gd at samba.org>
Date:   Wed Feb 27 15:49:31 2008 +0100

    Use new LSA_POLICY defines in lsa rpc server code and other places.
    
    Guenther

commit 01cdb071af7bc677450e511ebc7ef2036e9510e4
Author: Günther Deschner <gd at samba.org>
Date:   Wed Feb 27 15:56:18 2008 +0100

    Re-run make idl.
    
    Guenther

commit 2b28ca34a1aad151ad712e5ecbb2a77c66d2b671
Author: Günther Deschner <gd at samba.org>
Date:   Wed Feb 27 15:47:26 2008 +0100

    Use lsa_PolicyAccessMask in lsa_OpenPolicy/2.
    
    Guenther

commit 5fad28beec7eacd32f434a3bbfcaeb41640dfd22
Author: Günther Deschner <gd at samba.org>
Date:   Wed Feb 27 15:46:35 2008 +0100

    Add lsa_PolicyAccessMask to lsa.idl.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source/include/rpc_lsa.h        |   69 ++++++++++++++++-----------------------
 source/librpc/gen_ndr/lsa.h     |   14 ++++++++
 source/librpc/gen_ndr/ndr_lsa.c |   45 ++++++++++++++++++++++---
 source/librpc/gen_ndr/ndr_lsa.h |    3 ++
 source/librpc/idl/lsa.idl       |   19 +++++++++-
 source/libsmb/trusts_util.c     |    2 +-
 source/rpc_server/srv_lsa_nt.c  |   48 +++++++++++++-------------
 source/rpcclient/cmd_lsarpc.c   |    2 +-
 8 files changed, 127 insertions(+), 75 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/include/rpc_lsa.h b/source/include/rpc_lsa.h
index 3f55e18..a5316c4 100644
--- a/source/include/rpc_lsa.h
+++ b/source/include/rpc_lsa.h
@@ -27,51 +27,38 @@
 #define LSA_AUDIT_NUM_CATEGORIES_WIN2K	9
 #define LSA_AUDIT_NUM_CATEGORIES LSA_AUDIT_NUM_CATEGORIES_NT4
 
-#define POLICY_VIEW_LOCAL_INFORMATION    0x00000001
-#define POLICY_VIEW_AUDIT_INFORMATION    0x00000002
-#define POLICY_GET_PRIVATE_INFORMATION   0x00000004
-#define POLICY_TRUST_ADMIN               0x00000008
-#define POLICY_CREATE_ACCOUNT            0x00000010
-#define POLICY_CREATE_SECRET             0x00000020
-#define POLICY_CREATE_PRIVILEGE          0x00000040
-#define POLICY_SET_DEFAULT_QUOTA_LIMITS  0x00000080
-#define POLICY_SET_AUDIT_REQUIREMENTS    0x00000100
-#define POLICY_AUDIT_LOG_ADMIN           0x00000200
-#define POLICY_SERVER_ADMIN              0x00000400
-#define POLICY_LOOKUP_NAMES              0x00000800
+#define LSA_POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS  |\
+                            LSA_POLICY_VIEW_LOCAL_INFORMATION    |\
+                            LSA_POLICY_VIEW_AUDIT_INFORMATION    |\
+                            LSA_POLICY_GET_PRIVATE_INFORMATION   |\
+                            LSA_POLICY_TRUST_ADMIN               |\
+                            LSA_POLICY_CREATE_ACCOUNT            |\
+                            LSA_POLICY_CREATE_SECRET             |\
+                            LSA_POLICY_CREATE_PRIVILEGE          |\
+                            LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS  |\
+                            LSA_POLICY_SET_AUDIT_REQUIREMENTS    |\
+                            LSA_POLICY_AUDIT_LOG_ADMIN           |\
+                            LSA_POLICY_SERVER_ADMIN              |\
+                            LSA_POLICY_LOOKUP_NAMES )
 
-#define POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS  |\
-                            POLICY_VIEW_LOCAL_INFORMATION    |\
-                            POLICY_VIEW_AUDIT_INFORMATION    |\
-                            POLICY_GET_PRIVATE_INFORMATION   |\
-                            POLICY_TRUST_ADMIN               |\
-                            POLICY_CREATE_ACCOUNT            |\
-                            POLICY_CREATE_SECRET             |\
-                            POLICY_CREATE_PRIVILEGE          |\
-                            POLICY_SET_DEFAULT_QUOTA_LIMITS  |\
-                            POLICY_SET_AUDIT_REQUIREMENTS    |\
-                            POLICY_AUDIT_LOG_ADMIN           |\
-                            POLICY_SERVER_ADMIN              |\
-                            POLICY_LOOKUP_NAMES )
 
+#define LSA_POLICY_READ       ( STANDARD_RIGHTS_READ_ACCESS      |\
+                            LSA_POLICY_VIEW_AUDIT_INFORMATION    |\
+                            LSA_POLICY_GET_PRIVATE_INFORMATION)
 
-#define POLICY_READ       ( STANDARD_RIGHTS_READ_ACCESS      |\
-                            POLICY_VIEW_AUDIT_INFORMATION    |\
-                            POLICY_GET_PRIVATE_INFORMATION)
+#define LSA_POLICY_WRITE      ( STD_RIGHT_READ_CONTROL_ACCESS     |\
+                            LSA_POLICY_TRUST_ADMIN               |\
+                            LSA_POLICY_CREATE_ACCOUNT            |\
+                            LSA_POLICY_CREATE_SECRET             |\
+                            LSA_POLICY_CREATE_PRIVILEGE          |\
+                            LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS  |\
+                            LSA_POLICY_SET_AUDIT_REQUIREMENTS    |\
+                            LSA_POLICY_AUDIT_LOG_ADMIN           |\
+                            LSA_POLICY_SERVER_ADMIN)
 
-#define POLICY_WRITE      ( STD_RIGHT_READ_CONTROL_ACCESS     |\
-                            POLICY_TRUST_ADMIN               |\
-                            POLICY_CREATE_ACCOUNT            |\
-                            POLICY_CREATE_SECRET             |\
-                            POLICY_CREATE_PRIVILEGE          |\
-                            POLICY_SET_DEFAULT_QUOTA_LIMITS  |\
-                            POLICY_SET_AUDIT_REQUIREMENTS    |\
-                            POLICY_AUDIT_LOG_ADMIN           |\
-                            POLICY_SERVER_ADMIN)
-
-#define POLICY_EXECUTE    ( STANDARD_RIGHTS_EXECUTE_ACCESS   |\
-                            POLICY_VIEW_LOCAL_INFORMATION    |\
-                            POLICY_LOOKUP_NAMES )
+#define LSA_POLICY_EXECUTE    ( STANDARD_RIGHTS_EXECUTE_ACCESS   |\
+                            LSA_POLICY_VIEW_LOCAL_INFORMATION    |\
+                            LSA_POLICY_LOOKUP_NAMES )
 
 /*******************************************************/
 #define MAX_REF_DOMAINS 32
diff --git a/source/librpc/gen_ndr/lsa.h b/source/librpc/gen_ndr/lsa.h
index cc7bca3..0840149 100644
--- a/source/librpc/gen_ndr/lsa.h
+++ b/source/librpc/gen_ndr/lsa.h
@@ -63,6 +63,20 @@ struct lsa_ObjectAttribute {
 	struct lsa_QosInfo *sec_qos;/* [unique] */
 };
 
+/* bitmap lsa_PolicyAccessMask */
+#define LSA_POLICY_VIEW_LOCAL_INFORMATION ( 0x00000001 )
+#define LSA_POLICY_VIEW_AUDIT_INFORMATION ( 0x00000002 )
+#define LSA_POLICY_GET_PRIVATE_INFORMATION ( 0x00000004 )
+#define LSA_POLICY_TRUST_ADMIN ( 0x00000008 )
+#define LSA_POLICY_CREATE_ACCOUNT ( 0x00000010 )
+#define LSA_POLICY_CREATE_SECRET ( 0x00000020 )
+#define LSA_POLICY_CREATE_PRIVILEGE ( 0x00000040 )
+#define LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS ( 0x00000080 )
+#define LSA_POLICY_SET_AUDIT_REQUIREMENTS ( 0x00000100 )
+#define LSA_POLICY_AUDIT_LOG_ADMIN ( 0x00000200 )
+#define LSA_POLICY_SERVER_ADMIN ( 0x00000400 )
+#define LSA_POLICY_LOOKUP_NAMES ( 0x00000800 )
+
 struct lsa_AuditLogInfo {
 	uint32_t percent_full;
 	uint32_t log_size;
diff --git a/source/librpc/gen_ndr/ndr_lsa.c b/source/librpc/gen_ndr/ndr_lsa.c
index b54f43a..2a683fe 100644
--- a/source/librpc/gen_ndr/ndr_lsa.c
+++ b/source/librpc/gen_ndr/ndr_lsa.c
@@ -640,6 +640,39 @@ _PUBLIC_ void ndr_print_lsa_ObjectAttribute(struct ndr_print *ndr, const char *n
 	ndr->depth--;
 }
 
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_PolicyAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_PolicyAccessMask(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_lsa_PolicyAccessMask(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_VIEW_LOCAL_INFORMATION", LSA_POLICY_VIEW_LOCAL_INFORMATION, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_VIEW_AUDIT_INFORMATION", LSA_POLICY_VIEW_AUDIT_INFORMATION, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_GET_PRIVATE_INFORMATION", LSA_POLICY_GET_PRIVATE_INFORMATION, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_TRUST_ADMIN", LSA_POLICY_TRUST_ADMIN, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_CREATE_ACCOUNT", LSA_POLICY_CREATE_ACCOUNT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_CREATE_SECRET", LSA_POLICY_CREATE_SECRET, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_CREATE_PRIVILEGE", LSA_POLICY_CREATE_PRIVILEGE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS", LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_SET_AUDIT_REQUIREMENTS", LSA_POLICY_SET_AUDIT_REQUIREMENTS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_AUDIT_LOG_ADMIN", LSA_POLICY_AUDIT_LOG_ADMIN, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_SERVER_ADMIN", LSA_POLICY_SERVER_ADMIN, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_LOOKUP_NAMES", LSA_POLICY_LOOKUP_NAMES, r);
+	ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_lsa_AuditLogInfo(struct ndr_push *ndr, int ndr_flags, const struct lsa_AuditLogInfo *r)
 {
 	if (ndr_flags & NDR_SCALARS) {
@@ -4924,7 +4957,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_OpenPolicy(struct ndr_push *ndr, int fla
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_lsa_ObjectAttribute(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.attr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.access_mask));
+		NDR_CHECK(ndr_push_lsa_PolicyAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
 	}
 	if (flags & NDR_OUT) {
 		if (r->out.handle == NULL) {
@@ -4964,7 +4997,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_OpenPolicy(struct ndr_pull *ndr, int fla
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.attr, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_lsa_ObjectAttribute(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.attr));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attr_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_CHECK(ndr_pull_lsa_PolicyAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
 		NDR_PULL_ALLOC(ndr, r->out.handle);
 		ZERO_STRUCTP(r->out.handle);
 	}
@@ -5001,7 +5034,7 @@ _PUBLIC_ void ndr_print_lsa_OpenPolicy(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		ndr_print_lsa_ObjectAttribute(ndr, "attr", r->in.attr);
 		ndr->depth--;
-		ndr_print_uint32(ndr, "access_mask", r->in.access_mask);
+		ndr_print_lsa_PolicyAccessMask(ndr, "access_mask", r->in.access_mask);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -8459,7 +8492,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_OpenPolicy2(struct ndr_push *ndr, int fl
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_lsa_ObjectAttribute(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.attr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.access_mask));
+		NDR_CHECK(ndr_push_lsa_PolicyAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
 	}
 	if (flags & NDR_OUT) {
 		if (r->out.handle == NULL) {
@@ -8505,7 +8538,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, int fl
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.attr, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_lsa_ObjectAttribute(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.attr));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attr_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_CHECK(ndr_pull_lsa_PolicyAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
 		NDR_PULL_ALLOC(ndr, r->out.handle);
 		ZERO_STRUCTP(r->out.handle);
 	}
@@ -8542,7 +8575,7 @@ _PUBLIC_ void ndr_print_lsa_OpenPolicy2(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		ndr_print_lsa_ObjectAttribute(ndr, "attr", r->in.attr);
 		ndr->depth--;
-		ndr_print_uint32(ndr, "access_mask", r->in.access_mask);
+		ndr_print_lsa_PolicyAccessMask(ndr, "access_mask", r->in.access_mask);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
diff --git a/source/librpc/gen_ndr/ndr_lsa.h b/source/librpc/gen_ndr/ndr_lsa.h
index 76add45..2df42db 100644
--- a/source/librpc/gen_ndr/ndr_lsa.h
+++ b/source/librpc/gen_ndr/ndr_lsa.h
@@ -193,6 +193,9 @@ void ndr_print_lsa_PrivEntry(struct ndr_print *ndr, const char *name, const stru
 void ndr_print_lsa_PrivArray(struct ndr_print *ndr, const char *name, const struct lsa_PrivArray *r);
 void ndr_print_lsa_QosInfo(struct ndr_print *ndr, const char *name, const struct lsa_QosInfo *r);
 void ndr_print_lsa_ObjectAttribute(struct ndr_print *ndr, const char *name, const struct lsa_ObjectAttribute *r);
+enum ndr_err_code ndr_push_lsa_PolicyAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r);
+enum ndr_err_code ndr_pull_lsa_PolicyAccessMask(struct ndr_pull *ndr, int ndr_flags, uint32_t *r);
+void ndr_print_lsa_PolicyAccessMask(struct ndr_print *ndr, const char *name, uint32_t r);
 void ndr_print_lsa_AuditLogInfo(struct ndr_print *ndr, const char *name, const struct lsa_AuditLogInfo *r);
 void ndr_print_lsa_PolicyAuditPolicy(struct ndr_print *ndr, const char *name, enum lsa_PolicyAuditPolicy r);
 void ndr_print_lsa_AuditEventsInfo(struct ndr_print *ndr, const char *name, const struct lsa_AuditEventsInfo *r);
diff --git a/source/librpc/idl/lsa.idl b/source/librpc/idl/lsa.idl
index 38f3489..228634e 100644
--- a/source/librpc/idl/lsa.idl
+++ b/source/librpc/idl/lsa.idl
@@ -117,12 +117,27 @@ import "security.idl";
 		lsa_QosInfo *sec_qos;
 	} lsa_ObjectAttribute;
 
+	typedef [public,bitmap32bit] bitmap {
+		LSA_POLICY_VIEW_LOCAL_INFORMATION	= 0x00000001,
+		LSA_POLICY_VIEW_AUDIT_INFORMATION	= 0x00000002,
+		LSA_POLICY_GET_PRIVATE_INFORMATION	= 0x00000004,
+		LSA_POLICY_TRUST_ADMIN			= 0x00000008,
+		LSA_POLICY_CREATE_ACCOUNT		= 0x00000010,
+		LSA_POLICY_CREATE_SECRET		= 0x00000020,
+		LSA_POLICY_CREATE_PRIVILEGE		= 0x00000040,
+		LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS	= 0x00000080,
+		LSA_POLICY_SET_AUDIT_REQUIREMENTS	= 0x00000100,
+		LSA_POLICY_AUDIT_LOG_ADMIN		= 0x00000200,
+		LSA_POLICY_SERVER_ADMIN			= 0x00000400,
+		LSA_POLICY_LOOKUP_NAMES			= 0x00000800
+	} lsa_PolicyAccessMask;
+
 	/* notice the screwup with the system_name - thats why MS created
 	   OpenPolicy2 */
 	[public] NTSTATUS lsa_OpenPolicy (
 		[in,unique]       uint16 *system_name,
 		[in]   lsa_ObjectAttribute *attr,
-		[in]       uint32 access_mask,
+		[in]   lsa_PolicyAccessMask access_mask,
 		[out]  policy_handle *handle
 		);
 	
@@ -737,7 +752,7 @@ import "security.idl";
 	[public] NTSTATUS lsa_OpenPolicy2 (
 		[in,unique]      [string,charset(UTF16)] uint16 *system_name,
 		[in]  lsa_ObjectAttribute *attr,
-		[in]      uint32 access_mask,
+		[in]  lsa_PolicyAccessMask access_mask,
 		[out] policy_handle *handle
 		);
 
diff --git a/source/libsmb/trusts_util.c b/source/libsmb/trusts_util.c
index 1e92bf2..c079fb1 100644
--- a/source/libsmb/trusts_util.c
+++ b/source/libsmb/trusts_util.c
@@ -209,7 +209,7 @@ bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
 	/* get a handle */
 
 	result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True,
-		POLICY_VIEW_LOCAL_INFORMATION, &pol);
+		LSA_POLICY_VIEW_LOCAL_INFORMATION, &pol);
 	if ( !NT_STATUS_IS_OK(result) )
 		goto done;
 
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index f43258d..ec9da32 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -40,10 +40,10 @@ struct lsa_info {
 };
 
 const struct generic_mapping lsa_generic_mapping = {
-	POLICY_READ,
-	POLICY_WRITE,
-	POLICY_EXECUTE,
-	POLICY_ALL_ACCESS
+	LSA_POLICY_READ,
+	LSA_POLICY_WRITE,
+	LSA_POLICY_EXECUTE,
+	LSA_POLICY_ALL_ACCESS
 };
 
 /***************************************************************************
@@ -289,17 +289,17 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
 
 	SEC_ACL *psa = NULL;
 
-	init_sec_access(&mask, POLICY_EXECUTE);
+	init_sec_access(&mask, LSA_POLICY_EXECUTE);
 	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
 	sid_copy(&adm_sid, get_global_sam_sid());
 	sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS);
-	init_sec_access(&mask, POLICY_ALL_ACCESS);
+	init_sec_access(&mask, LSA_POLICY_ALL_ACCESS);
 	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
 	sid_copy(&local_adm_sid, &global_sid_Builtin);
 	sid_append_rid(&local_adm_sid, BUILTIN_ALIAS_RID_ADMINS);
-	init_sec_access(&mask, POLICY_ALL_ACCESS);
+	init_sec_access(&mask, LSA_POLICY_ALL_ACCESS);
 	init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
 	if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
@@ -390,7 +390,7 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p,
 	/* This is needed for lsa_open_account and rpcclient .... :-) */
 
 	if (p->pipe_user.ut.uid == sec_initial_uid())
-		acc_granted = POLICY_ALL_ACCESS;
+		acc_granted = LSA_POLICY_ALL_ACCESS;
 
 	/* associate the domain SID with the (unique) handle. */
 	if ((info = SMB_MALLOC_P(struct lsa_info)) == NULL)
@@ -483,7 +483,7 @@ NTSTATUS _lsa_EnumTrustDom(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 
 	/* check if the user have enough rights */
-	if (!(info->access & POLICY_VIEW_LOCAL_INFORMATION))
+	if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
 	nt_status = pdb_enum_trusteddoms(p->mem_ctx, &num_domains, &domains);
@@ -558,7 +558,7 @@ NTSTATUS _lsa_QueryInfoPolicy(pipes_struct *p,
 		uint32 policy_def = LSA_AUDIT_POLICY_ALL;
 
 		/* check if the user have enough rights */
-		if (!(handle->access & POLICY_VIEW_AUDIT_INFORMATION)) {
+		if (!(handle->access & LSA_POLICY_VIEW_AUDIT_INFORMATION)) {
 			DEBUG(10,("_lsa_QueryInfoPolicy: insufficient access rights\n"));
 			return NT_STATUS_ACCESS_DENIED;
 		}
@@ -586,7 +586,7 @@ NTSTATUS _lsa_QueryInfoPolicy(pipes_struct *p,
 		}
 	case 0x03:
 		/* check if the user have enough rights */
-		if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+		if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 			return NT_STATUS_ACCESS_DENIED;
 
 		/* Request PolicyPrimaryDomainInformation. */
@@ -615,7 +615,7 @@ NTSTATUS _lsa_QueryInfoPolicy(pipes_struct *p,
 		break;
 	case 0x05:
 		/* check if the user have enough rights */
-		if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+		if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 			return NT_STATUS_ACCESS_DENIED;
 
 		/* Request PolicyAccountDomainInformation. */
@@ -626,7 +626,7 @@ NTSTATUS _lsa_QueryInfoPolicy(pipes_struct *p,
 		break;
 	case 0x06:
 		/* check if the user have enough rights */
-		if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+		if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 			return NT_STATUS_ACCESS_DENIED;
 
 		switch (lp_server_role()) {
@@ -793,7 +793,7 @@ NTSTATUS _lsa_LookupSids(pipes_struct *p,
 	}
 
 	/* check if the user has enough rights */
-	if (!(handle->access & POLICY_LOOKUP_NAMES)) {
+	if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
@@ -867,7 +867,7 @@ NTSTATUS _lsa_LookupSids2(pipes_struct *p,
 		}
 
 		/* check if the user have enough rights */
-		if (!(handle->access & POLICY_LOOKUP_NAMES)) {
+		if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
 			return NT_STATUS_ACCESS_DENIED;
 		}
 	}
@@ -999,7 +999,7 @@ NTSTATUS _lsa_LookupNames(pipes_struct *p,
 	}
 
 	/* check if the user have enough rights */
-	if (!(handle->access & POLICY_LOOKUP_NAMES)) {
+	if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
 		status = NT_STATUS_ACCESS_DENIED;
 		goto done;
 	}
@@ -1138,7 +1138,7 @@ NTSTATUS _lsa_LookupNames3(pipes_struct *p,
 		}
 
 		/* check if the user have enough rights */
-		if (!(handle->access & POLICY_LOOKUP_NAMES)) {
+		if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
 			status = NT_STATUS_ACCESS_DENIED;
 			goto done;
 		}
@@ -1292,7 +1292,7 @@ NTSTATUS _lsa_EnumPrivs(pipes_struct *p,
 	/* check if the user have enough rights
 	   I don't know if it's the right one. not documented.  */
 
-	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+	if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
 	if (num_privs) {
@@ -1350,7 +1350,7 @@ NTSTATUS _lsa_LookupPrivDisplayName(pipes_struct *p,
 	/*
 	 * I don't know if it's the right one. not documented.
 	 */
-	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+	if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
 	DEBUG(10,("_lsa_LookupPrivDisplayName: name = %s\n", r->in.name->string));
@@ -1392,7 +1392,7 @@ NTSTATUS _lsa_EnumAccounts(pipes_struct *p,
 	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
 		return NT_STATUS_INVALID_HANDLE;
 
-	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+	if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
 	sid_list = NULL;
@@ -1505,7 +1505,7 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p,
 	 * I don't know if it's the right one. not documented.
 	 * but guessed with rpcclient.
 	 */
-	if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION))
+	if (!(handle->access & LSA_POLICY_GET_PRIVATE_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
 	/* check to see if the pipe_user is a Domain Admin since
@@ -1554,7 +1554,7 @@ NTSTATUS _lsa_OpenAccount(pipes_struct *p,
 	 * I don't know if it's the right one. not documented.
 	 * but guessed with rpcclient.
 	 */
-	if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION))
+	if (!(handle->access & LSA_POLICY_GET_PRIVATE_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
 	/* TODO: Fis the parsing routine before reenabling this check! */
@@ -1798,7 +1798,7 @@ NTSTATUS _lsa_QuerySecurity(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 
 	/* check if the user have enough rights */
-	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+	if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
 
@@ -1855,7 +1855,7 @@ NTSTATUS _lsa_QuerySecurity(pipes_struct *p,
 	switch (q_u->info_class) {
 	case 0x0c:
 		/* check if the user have enough rights */
-		if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+		if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 			return NT_STATUS_ACCESS_DENIED;
 
 		/* Request PolicyPrimaryDomainInformation. */
diff --git a/source/rpcclient/cmd_lsarpc.c b/source/rpcclient/cmd_lsarpc.c
index 3fe8bc8..512d80a 100644
--- a/source/rpcclient/cmd_lsarpc.c
+++ b/source/rpcclient/cmd_lsarpc.c
@@ -394,7 +394,7 @@ static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
 	}	
 
 	result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
-				     POLICY_VIEW_LOCAL_INFORMATION,
+				     LSA_POLICY_VIEW_LOCAL_INFORMATION,
 				     &pol);
 
 	if (!NT_STATUS_IS_OK(result))


-- 
Samba Shared Repository


More information about the samba-cvs mailing list