[SCM] Samba Shared Repository - branch master updated -
12d2bfdb867a9500fd25f1c7557564ad0368c720
Günther Deschner
gd at samba.org
Fri Oct 31 20:54:45 GMT 2008
The branch, master has been updated
via 12d2bfdb867a9500fd25f1c7557564ad0368c720 (commit)
via 66993ab03aeaf2590d5387f9d0ef95e92b6f82a8 (commit)
via 0f9410e8069775cf1a60942029bbffd3d5fbde0c (commit)
via 5e5edbe76176f1b821c7c54b5bc22952daec7f9a (commit)
via 673ba716585d9a46c1f2920eb249a19826f93464 (commit)
via f126371f179688a5194f297da4b625439fff7532 (commit)
via 04c2204e46b8b5e7c7048c058a06f4f63cb6a826 (commit)
via 29d27297d0f77cb9d8a03f011e14f0569dc88225 (commit)
via 3913366c9a2f8fe7f9be7462145c1bc5315aeb45 (commit)
via 700cece822baee4824224bd707ed27370981256d (commit)
via 65eca73272ab38922b61916f2752d28e3d1dde01 (commit)
from 265f2381db1bef016e698c685447355b1480b47c (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 12d2bfdb867a9500fd25f1c7557564ad0368c720
Author: Günther Deschner <gd at samba.org>
Date: Fri Oct 24 01:58:05 2008 +0200
security-idl: add STANDARD_RIGHTS_X bits.
Guenther
commit 66993ab03aeaf2590d5387f9d0ef95e92b6f82a8
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:53:11 2008 +0200
s3-samr: remove duplicate copies of Alias Object specific access rights.
Guenther
commit 0f9410e8069775cf1a60942029bbffd3d5fbde0c
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:52:34 2008 +0200
s3-samr-idl: add Alias Object specific access rights.
Guenther
commit 5e5edbe76176f1b821c7c54b5bc22952daec7f9a
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:45:58 2008 +0200
s3-samr: remove duplicate copies of Group Object specific access rights.
Guenther
commit 673ba716585d9a46c1f2920eb249a19826f93464
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:45:17 2008 +0200
s3-samr-idl: add Group Object specific access rights.
Guenther
commit f126371f179688a5194f297da4b625439fff7532
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:39:14 2008 +0200
s3-samr: remove duplicate copies of Domain Object specific access rights.
Guenther
commit 04c2204e46b8b5e7c7048c058a06f4f63cb6a826
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:38:21 2008 +0200
s3-samr-idl: add Domain Object specific access rights.
Guenther
commit 29d27297d0f77cb9d8a03f011e14f0569dc88225
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:24:41 2008 +0200
s3-samr: remove duplicate copies of SAM user specific access rights.
Guenther
commit 3913366c9a2f8fe7f9be7462145c1bc5315aeb45
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:23:43 2008 +0200
s3-samr-idl: add User Object specific access rights.
Guenther
commit 700cece822baee4824224bd707ed27370981256d
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:01:04 2008 +0200
s3-samr: remove duplicate copies of SAM server specific access rights.
Guenther
commit 65eca73272ab38922b61916f2752d28e3d1dde01
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:00:21 2008 +0200
s3-samr-idl: add SAM server specific access rights.
Guenther
-----------------------------------------------------------------------
Summary of changes:
librpc/idl/security.idl | 14 +++
source3/include/rpc_secdes.h | 171 --------------------------------------
source3/librpc/gen_ndr/samr.h | 25 ++++++
source3/librpc/idl/samr.idl | 124 +++++++++++++++++++++++++++
source3/rpc_server/srv_samr_nt.c | 96 +++++++++++-----------
source3/utils/net_rpc.c | 4 +-
6 files changed, 213 insertions(+), 221 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 6704e30..a313a2c 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -136,6 +136,20 @@ interface security
const int SEC_RIGHTS_DIR_EXECUTE = SEC_RIGHTS_FILE_EXECUTE;
const int SEC_RIGHTS_DIR_ALL = SEC_RIGHTS_FILE_ALL;
+ /* combinations of standard masks. */
+ const int STANDARD_RIGHTS_ALL_ACCESS = SEC_STD_ALL; /* 0x001f0000 */
+ const int STANDARD_RIGHTS_MODIFY_ACCESS = SEC_STD_READ_CONTROLS; /* 0x00020000 */
+ const int STANDARD_RIGHTS_EXECUTE_ACCESS = SEC_STD_READ_CONTROLS; /* 0x00020000 */
+ const int STANDARD_RIGHTS_READ_ACCESS = SEC_STD_READ_CONTROLS; /* 0x00020000 */
+ const int STANDARD_RIGHTS_WRITE_ACCESS =
+ (SEC_STD_WRITE_OWNER |
+ SEC_STD_WRITE_DAC |
+ SEC_STD_DELETE); /* 0x000d0000 */
+ const int STANDARD_RIGHTS_REQUIRED_ACCESS =
+ (SEC_STD_DELETE |
+ SEC_STD_READ_CONTROL |
+ SEC_STD_WRITE_DAC |
+ SEC_STD_WRITE_OWNER); /* 0x000f0000 */
/***************************************************************/
/* WELL KNOWN SIDS */
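Review bot: The three read-class constants added here (`STANDARD_RIGHTS_MODIFY_ACCESS`, `STANDARD_RIGHTS_EXECUTE_ACCESS`, `STANDARD_RIGHTS_READ_ACCESS`) reference `SEC_STD_READ_CONTROLS`, while `STANDARD_RIGHTS_REQUIRED_ACCESS` a few lines further down uses `SEC_STD_READ_CONTROL`. The definitions sit outside the hunk, so the valid spelling cannot be confirmed from here, but one of the two is presumably a typo. IDL constants are emitted as plain `#define`s (the generated samr.h in this changeset shows the pattern), so a misspelled name would only surface where the macro is first expanded. If `SEC_STD_READ_CONTROL` is the defined name, the three lines should read like `const int STANDARD_RIGHTS_READ_ACCESS = SEC_STD_READ_CONTROL; /* 0x00020000 */`.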
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index fb73498..15adebe 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -214,177 +214,6 @@ struct standard_mapping {
SA_RIGHT_FILE_WRITE_DATA | \
SA_RIGHT_FILE_READ_DATA)
-/* SAM server specific access rights */
-
-#define SA_RIGHT_SAM_CONNECT_SERVER 0x00000001
-#define SA_RIGHT_SAM_SHUTDOWN_SERVER 0x00000002
-#define SA_RIGHT_SAM_INITIALISE_SERVER 0x00000004
-#define SA_RIGHT_SAM_CREATE_DOMAIN 0x00000008
-#define SA_RIGHT_SAM_ENUM_DOMAINS 0x00000010
-#define SA_RIGHT_SAM_OPEN_DOMAIN 0x00000020
-
-#define SA_RIGHT_SAM_ALL_ACCESS 0x0000003F
-
-#define GENERIC_RIGHTS_SAM_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_SAM_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_SAM_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_SAM_ENUM_DOMAINS)
-
-#define GENERIC_RIGHTS_SAM_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_SAM_CREATE_DOMAIN | \
- SA_RIGHT_SAM_INITIALISE_SERVER | \
- SA_RIGHT_SAM_SHUTDOWN_SERVER)
-
-#define GENERIC_RIGHTS_SAM_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_SAM_OPEN_DOMAIN | \
- SA_RIGHT_SAM_CONNECT_SERVER)
-
-
-/* Domain Object specific access rights */
-
-#define SA_RIGHT_DOMAIN_LOOKUP_INFO_1 0x00000001
-#define SA_RIGHT_DOMAIN_SET_INFO_1 0x00000002
-#define SA_RIGHT_DOMAIN_LOOKUP_INFO_2 0x00000004
-#define SA_RIGHT_DOMAIN_SET_INFO_2 0x00000008
-#define SA_RIGHT_DOMAIN_CREATE_USER 0x00000010
-#define SA_RIGHT_DOMAIN_CREATE_GROUP 0x00000020
-#define SA_RIGHT_DOMAIN_CREATE_ALIAS 0x00000040
-#define SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM 0x00000080
-#define SA_RIGHT_DOMAIN_ENUM_ACCOUNTS 0x00000100
-#define SA_RIGHT_DOMAIN_OPEN_ACCOUNT 0x00000200
-#define SA_RIGHT_DOMAIN_SET_INFO_3 0x00000400
-
-#define SA_RIGHT_DOMAIN_ALL_ACCESS 0x000007FF
-
-#define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_DOMAIN_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_DOMAIN_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM | \
- SA_RIGHT_DOMAIN_LOOKUP_INFO_2)
-
-#define GENERIC_RIGHTS_DOMAIN_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_DOMAIN_SET_INFO_3 | \
- SA_RIGHT_DOMAIN_CREATE_ALIAS | \
- SA_RIGHT_DOMAIN_CREATE_GROUP | \
- SA_RIGHT_DOMAIN_CREATE_USER | \
- SA_RIGHT_DOMAIN_SET_INFO_2 | \
- SA_RIGHT_DOMAIN_SET_INFO_1)
-
-#define GENERIC_RIGHTS_DOMAIN_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT | \
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS | \
- SA_RIGHT_DOMAIN_LOOKUP_INFO_1)
-
-
-/* User Object specific access rights */
-
-#define SA_RIGHT_USER_GET_NAME_ETC 0x00000001
-#define SA_RIGHT_USER_GET_LOCALE 0x00000002
-#define SA_RIGHT_USER_SET_LOC_COM 0x00000004
-#define SA_RIGHT_USER_GET_LOGONINFO 0x00000008
-#define SA_RIGHT_USER_ACCT_FLAGS_EXPIRY 0x00000010
-#define SA_RIGHT_USER_SET_ATTRIBUTES 0x00000020
-#define SA_RIGHT_USER_CHANGE_PASSWORD 0x00000040
-#define SA_RIGHT_USER_SET_PASSWORD 0x00000080
-#define SA_RIGHT_USER_GET_GROUPS 0x00000100
-#define SA_RIGHT_USER_READ_GROUP_MEM 0x00000200
-#define SA_RIGHT_USER_CHANGE_GROUP_MEM 0x00000400
-
-#define SA_RIGHT_USER_ALL_ACCESS 0x000007FF
-
-#define GENERIC_RIGHTS_USER_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_USER_ALL_ACCESS) /* 0x000f07ff */
-
-#define GENERIC_RIGHTS_USER_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_USER_READ_GROUP_MEM | \
- SA_RIGHT_USER_GET_GROUPS | \
- SA_RIGHT_USER_ACCT_FLAGS_EXPIRY | \
- SA_RIGHT_USER_GET_LOGONINFO | \
- SA_RIGHT_USER_GET_LOCALE) /* 0x0002031a */
-
-#define GENERIC_RIGHTS_USER_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_SET_LOC_COM | \
- SA_RIGHT_USER_SET_ATTRIBUTES | \
- SA_RIGHT_USER_SET_PASSWORD | \
- SA_RIGHT_USER_CHANGE_GROUP_MEM) /* 0x000204e4 */
-
-#define GENERIC_RIGHTS_USER_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_GET_NAME_ETC ) /* 0x00020041 */
-
-
-/* Group Object specific access rights */
-
-#define SA_RIGHT_GROUP_LOOKUP_INFO 0x00000001
-#define SA_RIGHT_GROUP_SET_INFO 0x00000002
-#define SA_RIGHT_GROUP_ADD_MEMBER 0x00000004
-#define SA_RIGHT_GROUP_REMOVE_MEMBER 0x00000008
-#define SA_RIGHT_GROUP_GET_MEMBERS 0x00000010
-
-#define SA_RIGHT_GROUP_ALL_ACCESS 0x0000001F
-
-#define GENERIC_RIGHTS_GROUP_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_GROUP_ALL_ACCESS) /* 0x000f001f */
-
-#define GENERIC_RIGHTS_GROUP_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_GROUP_GET_MEMBERS) /* 0x00020010 */
-
-#define GENERIC_RIGHTS_GROUP_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_GROUP_REMOVE_MEMBER | \
- SA_RIGHT_GROUP_ADD_MEMBER | \
- SA_RIGHT_GROUP_SET_INFO ) /* 0x0002000e */
-
-#define GENERIC_RIGHTS_GROUP_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_GROUP_LOOKUP_INFO) /* 0x00020001 */
-
-
-/* Alias Object specific access rights */
-
-#define SA_RIGHT_ALIAS_ADD_MEMBER 0x00000001
-#define SA_RIGHT_ALIAS_REMOVE_MEMBER 0x00000002
-#define SA_RIGHT_ALIAS_GET_MEMBERS 0x00000004
-#define SA_RIGHT_ALIAS_LOOKUP_INFO 0x00000008
-#define SA_RIGHT_ALIAS_SET_INFO 0x00000010
-
-#define SA_RIGHT_ALIAS_ALL_ACCESS 0x0000001F
-
-#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_ALIAS_ALL_ACCESS) /* 0x000f001f */
-
-#define GENERIC_RIGHTS_ALIAS_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_ALIAS_GET_MEMBERS ) /* 0x00020004 */
-
-#define GENERIC_RIGHTS_ALIAS_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_ALIAS_REMOVE_MEMBER | \
- SA_RIGHT_ALIAS_ADD_MEMBER | \
- SA_RIGHT_ALIAS_SET_INFO ) /* 0x00020013 */
-
-#define GENERIC_RIGHTS_ALIAS_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_ALIAS_LOOKUP_INFO ) /* 0x00020008 */
-
/*
* Access Bits for registry ACLS
*/
diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h
index 62f6bf8..e5d009e 100644
--- a/source3/librpc/gen_ndr/samr.h
+++ b/source3/librpc/gen_ndr/samr.h
@@ -8,6 +8,31 @@
#ifndef _HEADER_samr
#define _HEADER_samr
+#define SAMR_ACCESS_ALL_ACCESS ( 0x0000003F )
+#define GENERIC_RIGHTS_SAM_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_SAM_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_ACCESS_ENUM_DOMAINS) )
+#define GENERIC_RIGHTS_SAM_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_ACCESS_CREATE_DOMAIN|SAMR_ACCESS_INITIALIZE_SERVER|SAMR_ACCESS_SHUTDOWN_SERVER) )
+#define GENERIC_RIGHTS_SAM_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ACCESS_OPEN_DOMAIN|SAMR_ACCESS_CONNECT_TO_SERVER) )
+#define SAMR_USER_ACCESS_ALL_ACCESS ( 0x000007FF )
+#define GENERIC_RIGHTS_USER_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_USER_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_USER_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP|SAMR_USER_ACCESS_GET_GROUPS|SAMR_USER_ACCESS_GET_ATTRIBUTES|SAMR_USER_ACCESS_GET_LOGONINFO|SAMR_USER_ACCESS_GET_LOCALE) )
+#define GENERIC_RIGHTS_USER_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_USER_ACCESS_CHANGE_PASSWORD|SAMR_USER_ACCESS_SET_LOC_COM|SAMR_USER_ACCESS_SET_ATTRIBUTES|SAMR_USER_ACCESS_SET_PASSWORD|SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP) )
+#define GENERIC_RIGHTS_USER_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_USER_ACCESS_CHANGE_PASSWORD|SAMR_USER_ACCESS_GET_NAME_ETC) )
+#define SAMR_DOMAIN_ACCESS_ALL_ACCESS ( 0x000007FF )
+#define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_DOMAIN_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_DOMAIN_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS|SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2) )
+#define GENERIC_RIGHTS_DOMAIN_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_DOMAIN_ACCESS_SET_INFO_3|SAMR_DOMAIN_ACCESS_CREATE_ALIAS|SAMR_DOMAIN_ACCESS_CREATE_GROUP|SAMR_DOMAIN_ACCESS_CREATE_USER|SAMR_DOMAIN_ACCESS_SET_INFO_2|SAMR_DOMAIN_ACCESS_SET_INFO_1) )
+#define GENERIC_RIGHTS_DOMAIN_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT|SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS|SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1) )
+#define SAMR_GROUP_ACCESS_ALL_ACCESS ( 0x0000001F )
+#define GENERIC_RIGHTS_GROUP_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_GROUP_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_GROUP_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_GROUP_ACCESS_GET_MEMBERS) )
+#define GENERIC_RIGHTS_GROUP_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_GROUP_ACCESS_REMOVE_MEMBER|SAMR_GROUP_ACCESS_ADD_MEMBER|SAMR_GROUP_ACCESS_SET_INFO) )
+#define GENERIC_RIGHTS_GROUP_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_GROUP_ACCESS_LOOKUP_INFO) )
+#define SAMR_ALIAS_ACCESS_ALL_ACCESS ( 0x0000001F )
+#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_ALIAS_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_ALIAS_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_ALIAS_ACCESS_GET_MEMBERS) )
+#define GENERIC_RIGHTS_ALIAS_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_ALIAS_ACCESS_REMOVE_MEMBER|SAMR_ALIAS_ACCESS_ADD_MEMBER|SAMR_ALIAS_ACCESS_SET_INFO) )
+#define GENERIC_RIGHTS_ALIAS_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ALIAS_ACCESS_LOOKUP_INFO) )
#define MAX_SAM_ENTRIES_W2K ( 0x400 )
#define MAX_SAM_ENTRIES_W95 ( 50 )
#define SAMR_ENUM_USERS_MULTIPLIER ( 54 )
diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl
index cd5fe07..9f72657 100644
--- a/source3/librpc/idl/samr.idl
+++ b/source3/librpc/idl/samr.idl
@@ -40,6 +40,8 @@ import "misc.idl", "lsa.idl", "security.idl";
ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
} samr_AcctFlags;
+ /* SAM server specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
@@ -49,6 +51,29 @@ import "misc.idl", "lsa.idl", "security.idl";
SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
} samr_ConnectAccessMask;
+ const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
+
+ const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_ACCESS_ALL_ACCESS);
+
+ const int GENERIC_RIGHTS_SAM_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_ACCESS_ENUM_DOMAINS);
+
+ const int GENERIC_RIGHTS_SAM_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_ACCESS_CREATE_DOMAIN |
+ SAMR_ACCESS_INITIALIZE_SERVER |
+ SAMR_ACCESS_SHUTDOWN_SERVER);
+
+ const int GENERIC_RIGHTS_SAM_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_CONNECT_TO_SERVER);
+
+ /* User Object specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001,
SAMR_USER_ACCESS_GET_LOCALE = 0x00000002,
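Review bot: `SAMR_ACCESS_ALL_ACCESS` is written as the literal `0x0000003F` next to the `samr_ConnectAccessMask` bitmap instead of being derived from its members, so a bit added to the bitmap later would be silently left out of `GENERIC_RIGHTS_SAM_ALL_ACCESS`. The same holds for the `*_ALL_ACCESS` literals in the user, domain, group and alias hunks that follow. A short comment tying each literal to its bitmap would make the dependency visible, e.g. `/* must cover every bit defined in samr_ConnectAccessMask */`.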
@@ -63,6 +88,35 @@ import "misc.idl", "lsa.idl", "security.idl";
SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
} samr_UserAccessMask;
+ const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF;
+
+ const int GENERIC_RIGHTS_USER_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_USER_ACCESS_ALL_ACCESS); /* 0x000f07ff */
+
+ const int GENERIC_RIGHTS_USER_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP |
+ SAMR_USER_ACCESS_GET_GROUPS |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_GET_LOGONINFO |
+ SAMR_USER_ACCESS_GET_LOCALE); /* 0x0002031a */
+
+ const int GENERIC_RIGHTS_USER_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_USER_ACCESS_CHANGE_PASSWORD |
+ SAMR_USER_ACCESS_SET_LOC_COM |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP); /* 0x000204e4 */
+
+ const int GENERIC_RIGHTS_USER_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_USER_ACCESS_CHANGE_PASSWORD |
+ SAMR_USER_ACCESS_GET_NAME_ETC); /* 0x00020041 */
+
+ /* Domain Object specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
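Review bot: The trailing value comment on `GENERIC_RIGHTS_USER_WRITE` (`/* 0x000204e4 */`) does not match the expression. This changeset's security.idl defines `STANDARD_RIGHTS_WRITE_ACCESS` as `SEC_STD_WRITE_OWNER | SEC_STD_WRITE_DAC | SEC_STD_DELETE`, commented `0x000d0000`, which would make the composite `0x000d04e4`. The difference matters for access control: as written, generic write maps onto WRITE_DAC, WRITE_OWNER and DELETE on the object, while the comment describes a mask carrying only READ_CONTROL. The comment was carried over unchanged from the removed rpc_secdes.h macro, so the mismatch predates this commit; either correct it (`/* 0x000d04e4 */` here) or confirm which standard-rights set is intended. `GENERIC_RIGHTS_GROUP_WRITE` and `GENERIC_RIGHTS_ALIAS_WRITE` in the later hunks show the same discrepancy.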
@@ -77,6 +131,34 @@ import "misc.idl", "lsa.idl", "security.idl";
SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
} samr_DomainAccessMask;
+ const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF;
+
+ const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_DOMAIN_ACCESS_ALL_ACCESS);
+
+ const int GENERIC_RIGHTS_DOMAIN_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS |
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
+
+ const int GENERIC_RIGHTS_DOMAIN_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_DOMAIN_ACCESS_SET_INFO_3 |
+ SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
+ SAMR_DOMAIN_ACCESS_CREATE_GROUP |
+ SAMR_DOMAIN_ACCESS_CREATE_USER |
+ SAMR_DOMAIN_ACCESS_SET_INFO_2 |
+ SAMR_DOMAIN_ACCESS_SET_INFO_1);
+
+ const int GENERIC_RIGHTS_DOMAIN_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
+
+ /* Group Object specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
SAMR_GROUP_ACCESS_SET_INFO = 0x00000002,
@@ -85,6 +167,28 @@ import "misc.idl", "lsa.idl", "security.idl";
SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010
} samr_GroupAccessMask;
+ const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F;
+
+ const int GENERIC_RIGHTS_GROUP_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */
+
+ const int GENERIC_RIGHTS_GROUP_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_GROUP_ACCESS_GET_MEMBERS); /* 0x00020010 */
+
+ const int GENERIC_RIGHTS_GROUP_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_GROUP_ACCESS_REMOVE_MEMBER |
+ SAMR_GROUP_ACCESS_ADD_MEMBER |
+ SAMR_GROUP_ACCESS_SET_INFO); /* 0x0002000e */
+
+ const int GENERIC_RIGHTS_GROUP_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_GROUP_ACCESS_LOOKUP_INFO); /* 0x00020001 */
+
+ /* Alias Object specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
@@ -93,6 +197,26 @@ import "misc.idl", "lsa.idl", "security.idl";
SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010
} samr_AliasAccessMask;
+ const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F;
+
+ const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */
+
+ const int GENERIC_RIGHTS_ALIAS_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_ALIAS_ACCESS_GET_MEMBERS); /* 0x00020004 */
+
+ const int GENERIC_RIGHTS_ALIAS_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_ALIAS_ACCESS_REMOVE_MEMBER |
+ SAMR_ALIAS_ACCESS_ADD_MEMBER |
+ SAMR_ALIAS_ACCESS_SET_INFO); /* 0x00020013 */
+
+ const int GENERIC_RIGHTS_ALIAS_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_ALIAS_ACCESS_LOOKUP_INFO); /* 0x00020008 */
+
/******************/
/* Function: 0x00 */
NTSTATUS samr_Connect (
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 97da3a4..c573173 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -38,10 +38,10 @@
#define SAMR_USR_RIGHTS_WRITE_PW \
( READ_CONTROL_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_SET_LOC_COM )
+ SAMR_USER_ACCESS_CHANGE_PASSWORD | \
+ SAMR_USER_ACCESS_SET_LOC_COM)
#define SAMR_USR_RIGHTS_CANT_WRITE_PW \
- ( READ_CONTROL_ACCESS | SA_RIGHT_USER_SET_LOC_COM )
+ ( READ_CONTROL_ACCESS | SAMR_USER_ACCESS_SET_LOC_COM )
#define DISP_INFO_CACHE_TIMEOUT 10
@@ -91,7 +91,7 @@ static const struct generic_mapping usr_generic_mapping = {
static const struct generic_mapping usr_nopwchange_generic_mapping = {
GENERIC_RIGHTS_USER_READ,
GENERIC_RIGHTS_USER_WRITE,
- GENERIC_RIGHTS_USER_EXECUTE & ~SA_RIGHT_USER_CHANGE_PASSWORD,
+ GENERIC_RIGHTS_USER_EXECUTE & ~SAMR_USER_ACCESS_CHANGE_PASSWORD,
GENERIC_RIGHTS_USER_ALL_ACCESS};
static const struct generic_mapping grp_generic_mapping = {
GENERIC_RIGHTS_GROUP_READ,
@@ -622,7 +622,7 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_SAM_OPEN_DOMAIN,
+ SAMR_ACCESS_OPEN_DOMAIN,
"_samr_OpenDomain" );
if ( !NT_STATUS_IS_OK(status) )
@@ -791,7 +791,7 @@ NTSTATUS _samr_SetSecurity(pipes_struct *p,
if (sid_equal(&pol_sid, &dacl->aces[i].trustee)) {
ret = pdb_set_pass_can_change(sampass,
(dacl->aces[i].access_mask &
- SA_RIGHT_USER_CHANGE_PASSWORD) ?
+ SAMR_USER_ACCESS_CHANGE_PASSWORD) ?
True: False);
break;
}
@@ -803,7 +803,7 @@ NTSTATUS _samr_SetSecurity(pipes_struct *p,
}
status = access_check_samr_function(acc_granted,
- SA_RIGHT_USER_SET_ATTRIBUTES,
+ SAMR_USER_ACCESS_SET_ATTRIBUTES,
"_samr_SetSecurity");
if (NT_STATUS_IS_OK(status)) {
become_root();
@@ -990,7 +990,7 @@ NTSTATUS _samr_EnumDomainUsers(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
"_samr_EnumDomainUsers");
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -1129,7 +1129,7 @@ NTSTATUS _samr_EnumDomainGroups(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
"_samr_EnumDomainGroups");
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -1209,7 +1209,7 @@ NTSTATUS _samr_EnumDomainAliases(pipes_struct *p,
sid_string_dbg(&info->sid)));
status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
"_samr_EnumDomainAliases");
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -1482,7 +1482,7 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
--
Samba Shared Repository