[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-4323-gc16bfb0
Günther Deschner
gd at samba.org
Fri Oct 31 21:22:03 GMT 2008
The branch, v3-3-test has been updated
via c16bfb0efcbe693616763d3f0d70b49e8e612fd1 (commit)
via 14efefad6fab7287f7b4880175003cbd413f280b (commit)
via 7ee4051e1c49aa6662dfc6b745b2e9c2ba508214 (commit)
via c9b124c4606becf3c5d197c9753405aa80420dcc (commit)
via 0dc995ca3f486ed73860ccf8cd444997493ef891 (commit)
via aad6502006d0181c40df7f2fdae1d674ef69b3d2 (commit)
via 20008654b47c0205f1998257b2be89459eb707b5 (commit)
via 83cc89a676517fecddf55dd5adc718d3327c5dda (commit)
via 575029b962e2b08d424ff5d4d6bf4f2359a68853 (commit)
via a00e37ba7fb24a9e9998cd8ddca297ee1b2f15d3 (commit)
via 068d14b489944e07be5608f9b613f174c681bbde (commit)
from 82a25d224b63148c4f9d38ae477328b12a5a03a6 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit c16bfb0efcbe693616763d3f0d70b49e8e612fd1
Author: Günther Deschner <gd at samba.org>
Date: Fri Oct 24 01:58:05 2008 +0200
security-idl: add STANDARD_RIGHTS_X bits.
Guenther
commit 14efefad6fab7287f7b4880175003cbd413f280b
Author: Günther Deschner <gd at samba.org>
Date: Fri Oct 31 22:03:32 2008 +0100
s3-samr: remove duplicate copies of Alias Object specific access rights.
Guenther
commit 7ee4051e1c49aa6662dfc6b745b2e9c2ba508214
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:52:34 2008 +0200
s3-samr-idl: add Alias Object specific access rights.
Guenther
commit c9b124c4606becf3c5d197c9753405aa80420dcc
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:45:58 2008 +0200
s3-samr: remove duplicate copies of Group Object specific access rights.
Guenther
commit 0dc995ca3f486ed73860ccf8cd444997493ef891
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:45:17 2008 +0200
s3-samr-idl: add Group Object specific access rights.
Guenther
commit aad6502006d0181c40df7f2fdae1d674ef69b3d2
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:39:14 2008 +0200
s3-samr: remove duplicate copies of Domain Object specific access rights.
Guenther
commit 20008654b47c0205f1998257b2be89459eb707b5
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:38:21 2008 +0200
s3-samr-idl: add Domain Object specific access rights.
Guenther
commit 83cc89a676517fecddf55dd5adc718d3327c5dda
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:24:41 2008 +0200
s3-samr: remove duplicate copies of SAM user specific access rights.
Guenther
commit 575029b962e2b08d424ff5d4d6bf4f2359a68853
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:23:43 2008 +0200
s3-samr-idl: add User Object specific access rights.
Guenther
commit a00e37ba7fb24a9e9998cd8ddca297ee1b2f15d3
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:01:04 2008 +0200
s3-samr: remove duplicate copies of SAM server specific access rights.
Guenther
commit 068d14b489944e07be5608f9b613f174c681bbde
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 23 19:00:21 2008 +0200
s3-samr-idl: add SAM server specific access rights.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/include/rpc_secdes.h | 171 ---------------------------------------
source/librpc/gen_ndr/samr.h | 25 ++++++
source/librpc/idl/samr.idl | 124 ++++++++++++++++++++++++++++
source/librpc/idl/security.idl | 14 +++
source/rpc_server/srv_samr_nt.c | 96 +++++++++++-----------
source/utils/net_rpc.c | 4 +-
6 files changed, 213 insertions(+), 221 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/rpc_secdes.h b/source/include/rpc_secdes.h
index 71fba41..d2b2c2a 100644
--- a/source/include/rpc_secdes.h
+++ b/source/include/rpc_secdes.h
@@ -214,177 +214,6 @@ struct standard_mapping {
SA_RIGHT_FILE_WRITE_DATA | \
SA_RIGHT_FILE_READ_DATA)
-/* SAM server specific access rights */
-
-#define SA_RIGHT_SAM_CONNECT_SERVER 0x00000001
-#define SA_RIGHT_SAM_SHUTDOWN_SERVER 0x00000002
-#define SA_RIGHT_SAM_INITIALISE_SERVER 0x00000004
-#define SA_RIGHT_SAM_CREATE_DOMAIN 0x00000008
-#define SA_RIGHT_SAM_ENUM_DOMAINS 0x00000010
-#define SA_RIGHT_SAM_OPEN_DOMAIN 0x00000020
-
-#define SA_RIGHT_SAM_ALL_ACCESS 0x0000003F
-
-#define GENERIC_RIGHTS_SAM_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_SAM_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_SAM_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_SAM_ENUM_DOMAINS)
-
-#define GENERIC_RIGHTS_SAM_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_SAM_CREATE_DOMAIN | \
- SA_RIGHT_SAM_INITIALISE_SERVER | \
- SA_RIGHT_SAM_SHUTDOWN_SERVER)
-
-#define GENERIC_RIGHTS_SAM_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_SAM_OPEN_DOMAIN | \
- SA_RIGHT_SAM_CONNECT_SERVER)
-
-
-/* Domain Object specific access rights */
-
-#define SA_RIGHT_DOMAIN_LOOKUP_INFO_1 0x00000001
-#define SA_RIGHT_DOMAIN_SET_INFO_1 0x00000002
-#define SA_RIGHT_DOMAIN_LOOKUP_INFO_2 0x00000004
-#define SA_RIGHT_DOMAIN_SET_INFO_2 0x00000008
-#define SA_RIGHT_DOMAIN_CREATE_USER 0x00000010
-#define SA_RIGHT_DOMAIN_CREATE_GROUP 0x00000020
-#define SA_RIGHT_DOMAIN_CREATE_ALIAS 0x00000040
-#define SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM 0x00000080
-#define SA_RIGHT_DOMAIN_ENUM_ACCOUNTS 0x00000100
-#define SA_RIGHT_DOMAIN_OPEN_ACCOUNT 0x00000200
-#define SA_RIGHT_DOMAIN_SET_INFO_3 0x00000400
-
-#define SA_RIGHT_DOMAIN_ALL_ACCESS 0x000007FF
-
-#define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_DOMAIN_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_DOMAIN_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM | \
- SA_RIGHT_DOMAIN_LOOKUP_INFO_2)
-
-#define GENERIC_RIGHTS_DOMAIN_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_DOMAIN_SET_INFO_3 | \
- SA_RIGHT_DOMAIN_CREATE_ALIAS | \
- SA_RIGHT_DOMAIN_CREATE_GROUP | \
- SA_RIGHT_DOMAIN_CREATE_USER | \
- SA_RIGHT_DOMAIN_SET_INFO_2 | \
- SA_RIGHT_DOMAIN_SET_INFO_1)
-
-#define GENERIC_RIGHTS_DOMAIN_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT | \
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS | \
- SA_RIGHT_DOMAIN_LOOKUP_INFO_1)
-
-
-/* User Object specific access rights */
-
-#define SA_RIGHT_USER_GET_NAME_ETC 0x00000001
-#define SA_RIGHT_USER_GET_LOCALE 0x00000002
-#define SA_RIGHT_USER_SET_LOC_COM 0x00000004
-#define SA_RIGHT_USER_GET_LOGONINFO 0x00000008
-#define SA_RIGHT_USER_ACCT_FLAGS_EXPIRY 0x00000010
-#define SA_RIGHT_USER_SET_ATTRIBUTES 0x00000020
-#define SA_RIGHT_USER_CHANGE_PASSWORD 0x00000040
-#define SA_RIGHT_USER_SET_PASSWORD 0x00000080
-#define SA_RIGHT_USER_GET_GROUPS 0x00000100
-#define SA_RIGHT_USER_READ_GROUP_MEM 0x00000200
-#define SA_RIGHT_USER_CHANGE_GROUP_MEM 0x00000400
-
-#define SA_RIGHT_USER_ALL_ACCESS 0x000007FF
-
-#define GENERIC_RIGHTS_USER_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_USER_ALL_ACCESS) /* 0x000f07ff */
-
-#define GENERIC_RIGHTS_USER_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_USER_READ_GROUP_MEM | \
- SA_RIGHT_USER_GET_GROUPS | \
- SA_RIGHT_USER_ACCT_FLAGS_EXPIRY | \
- SA_RIGHT_USER_GET_LOGONINFO | \
- SA_RIGHT_USER_GET_LOCALE) /* 0x0002031a */
-
-#define GENERIC_RIGHTS_USER_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_SET_LOC_COM | \
- SA_RIGHT_USER_SET_ATTRIBUTES | \
- SA_RIGHT_USER_SET_PASSWORD | \
- SA_RIGHT_USER_CHANGE_GROUP_MEM) /* 0x000204e4 */
-
-#define GENERIC_RIGHTS_USER_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_GET_NAME_ETC ) /* 0x00020041 */
-
-
-/* Group Object specific access rights */
-
-#define SA_RIGHT_GROUP_LOOKUP_INFO 0x00000001
-#define SA_RIGHT_GROUP_SET_INFO 0x00000002
-#define SA_RIGHT_GROUP_ADD_MEMBER 0x00000004
-#define SA_RIGHT_GROUP_REMOVE_MEMBER 0x00000008
-#define SA_RIGHT_GROUP_GET_MEMBERS 0x00000010
-
-#define SA_RIGHT_GROUP_ALL_ACCESS 0x0000001F
-
-#define GENERIC_RIGHTS_GROUP_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_GROUP_ALL_ACCESS) /* 0x000f001f */
-
-#define GENERIC_RIGHTS_GROUP_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_GROUP_GET_MEMBERS) /* 0x00020010 */
-
-#define GENERIC_RIGHTS_GROUP_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_GROUP_REMOVE_MEMBER | \
- SA_RIGHT_GROUP_ADD_MEMBER | \
- SA_RIGHT_GROUP_SET_INFO ) /* 0x0002000e */
-
-#define GENERIC_RIGHTS_GROUP_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_GROUP_LOOKUP_INFO) /* 0x00020001 */
-
-
-/* Alias Object specific access rights */
-
-#define SA_RIGHT_ALIAS_ADD_MEMBER 0x00000001
-#define SA_RIGHT_ALIAS_REMOVE_MEMBER 0x00000002
-#define SA_RIGHT_ALIAS_GET_MEMBERS 0x00000004
-#define SA_RIGHT_ALIAS_LOOKUP_INFO 0x00000008
-#define SA_RIGHT_ALIAS_SET_INFO 0x00000010
-
-#define SA_RIGHT_ALIAS_ALL_ACCESS 0x0000001F
-
-#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_ALIAS_ALL_ACCESS) /* 0x000f001f */
-
-#define GENERIC_RIGHTS_ALIAS_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_ALIAS_GET_MEMBERS ) /* 0x00020004 */
-
-#define GENERIC_RIGHTS_ALIAS_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_ALIAS_REMOVE_MEMBER | \
- SA_RIGHT_ALIAS_ADD_MEMBER | \
- SA_RIGHT_ALIAS_SET_INFO ) /* 0x00020013 */
-
-#define GENERIC_RIGHTS_ALIAS_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_ALIAS_LOOKUP_INFO ) /* 0x00020008 */
-
/*
* Acces bits for the svcctl objects
*/
diff --git a/source/librpc/gen_ndr/samr.h b/source/librpc/gen_ndr/samr.h
index 522c6a9..a60cfae 100644
--- a/source/librpc/gen_ndr/samr.h
+++ b/source/librpc/gen_ndr/samr.h
@@ -8,6 +8,31 @@
#ifndef _HEADER_samr
#define _HEADER_samr
+#define SAMR_ACCESS_ALL_ACCESS ( 0x0000003F )
+#define GENERIC_RIGHTS_SAM_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_SAM_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_ACCESS_ENUM_DOMAINS) )
+#define GENERIC_RIGHTS_SAM_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_ACCESS_CREATE_DOMAIN|SAMR_ACCESS_INITIALIZE_SERVER|SAMR_ACCESS_SHUTDOWN_SERVER) )
+#define GENERIC_RIGHTS_SAM_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ACCESS_OPEN_DOMAIN|SAMR_ACCESS_CONNECT_TO_SERVER) )
+#define SAMR_USER_ACCESS_ALL_ACCESS ( 0x000007FF )
+#define GENERIC_RIGHTS_USER_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_USER_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_USER_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP|SAMR_USER_ACCESS_GET_GROUPS|SAMR_USER_ACCESS_GET_ATTRIBUTES|SAMR_USER_ACCESS_GET_LOGONINFO|SAMR_USER_ACCESS_GET_LOCALE) )
+#define GENERIC_RIGHTS_USER_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_USER_ACCESS_CHANGE_PASSWORD|SAMR_USER_ACCESS_SET_LOC_COM|SAMR_USER_ACCESS_SET_ATTRIBUTES|SAMR_USER_ACCESS_SET_PASSWORD|SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP) )
+#define GENERIC_RIGHTS_USER_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_USER_ACCESS_CHANGE_PASSWORD|SAMR_USER_ACCESS_GET_NAME_ETC) )
+#define SAMR_DOMAIN_ACCESS_ALL_ACCESS ( 0x000007FF )
+#define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_DOMAIN_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_DOMAIN_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS|SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2) )
+#define GENERIC_RIGHTS_DOMAIN_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_DOMAIN_ACCESS_SET_INFO_3|SAMR_DOMAIN_ACCESS_CREATE_ALIAS|SAMR_DOMAIN_ACCESS_CREATE_GROUP|SAMR_DOMAIN_ACCESS_CREATE_USER|SAMR_DOMAIN_ACCESS_SET_INFO_2|SAMR_DOMAIN_ACCESS_SET_INFO_1) )
+#define GENERIC_RIGHTS_DOMAIN_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT|SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS|SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1) )
+#define SAMR_GROUP_ACCESS_ALL_ACCESS ( 0x0000001F )
+#define GENERIC_RIGHTS_GROUP_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_GROUP_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_GROUP_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_GROUP_ACCESS_GET_MEMBERS) )
+#define GENERIC_RIGHTS_GROUP_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_GROUP_ACCESS_REMOVE_MEMBER|SAMR_GROUP_ACCESS_ADD_MEMBER|SAMR_GROUP_ACCESS_SET_INFO) )
+#define GENERIC_RIGHTS_GROUP_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_GROUP_ACCESS_LOOKUP_INFO) )
+#define SAMR_ALIAS_ACCESS_ALL_ACCESS ( 0x0000001F )
+#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_ALIAS_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_ALIAS_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_ALIAS_ACCESS_GET_MEMBERS) )
+#define GENERIC_RIGHTS_ALIAS_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_ALIAS_ACCESS_REMOVE_MEMBER|SAMR_ALIAS_ACCESS_ADD_MEMBER|SAMR_ALIAS_ACCESS_SET_INFO) )
+#define GENERIC_RIGHTS_ALIAS_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ALIAS_ACCESS_LOOKUP_INFO) )
#define MAX_SAM_ENTRIES_W2K ( 0x400 )
#define MAX_SAM_ENTRIES_W95 ( 50 )
#define SAMR_ENUM_USERS_MULTIPLIER ( 54 )
diff --git a/source/librpc/idl/samr.idl b/source/librpc/idl/samr.idl
index e823d1d..43019b6 100644
--- a/source/librpc/idl/samr.idl
+++ b/source/librpc/idl/samr.idl
@@ -40,6 +40,8 @@ import "misc.idl", "lsa.idl", "security.idl";
ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
} samr_AcctFlags;
+ /* SAM server specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
@@ -49,6 +51,29 @@ import "misc.idl", "lsa.idl", "security.idl";
SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
} samr_ConnectAccessMask;
+ const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
+
+ const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_ACCESS_ALL_ACCESS);
+
+ const int GENERIC_RIGHTS_SAM_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_ACCESS_ENUM_DOMAINS);
+
+ const int GENERIC_RIGHTS_SAM_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_ACCESS_CREATE_DOMAIN |
+ SAMR_ACCESS_INITIALIZE_SERVER |
+ SAMR_ACCESS_SHUTDOWN_SERVER);
+
+ const int GENERIC_RIGHTS_SAM_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_CONNECT_TO_SERVER);
+
+ /* User Object specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001,
SAMR_USER_ACCESS_GET_LOCALE = 0x00000002,
@@ -63,6 +88,35 @@ import "misc.idl", "lsa.idl", "security.idl";
SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
} samr_UserAccessMask;
+ const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF;
+
+ const int GENERIC_RIGHTS_USER_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_USER_ACCESS_ALL_ACCESS); /* 0x000f07ff */
+
+ const int GENERIC_RIGHTS_USER_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP |
+ SAMR_USER_ACCESS_GET_GROUPS |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_GET_LOGONINFO |
+ SAMR_USER_ACCESS_GET_LOCALE); /* 0x0002031a */
+
+ const int GENERIC_RIGHTS_USER_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_USER_ACCESS_CHANGE_PASSWORD |
+ SAMR_USER_ACCESS_SET_LOC_COM |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP); /* 0x000204e4 */
+
+ const int GENERIC_RIGHTS_USER_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_USER_ACCESS_CHANGE_PASSWORD |
+ SAMR_USER_ACCESS_GET_NAME_ETC); /* 0x00020041 */
+
+ /* Domain Object specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
@@ -77,6 +131,34 @@ import "misc.idl", "lsa.idl", "security.idl";
SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
} samr_DomainAccessMask;
+ const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF;
+
+ const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_DOMAIN_ACCESS_ALL_ACCESS);
+
+ const int GENERIC_RIGHTS_DOMAIN_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS |
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
+
+ const int GENERIC_RIGHTS_DOMAIN_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_DOMAIN_ACCESS_SET_INFO_3 |
+ SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
+ SAMR_DOMAIN_ACCESS_CREATE_GROUP |
+ SAMR_DOMAIN_ACCESS_CREATE_USER |
+ SAMR_DOMAIN_ACCESS_SET_INFO_2 |
+ SAMR_DOMAIN_ACCESS_SET_INFO_1);
+
+ const int GENERIC_RIGHTS_DOMAIN_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
+
+ /* Group Object specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
SAMR_GROUP_ACCESS_SET_INFO = 0x00000002,
@@ -85,6 +167,28 @@ import "misc.idl", "lsa.idl", "security.idl";
SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010
} samr_GroupAccessMask;
+ const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F;
+
+ const int GENERIC_RIGHTS_GROUP_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */
+
+ const int GENERIC_RIGHTS_GROUP_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_GROUP_ACCESS_GET_MEMBERS); /* 0x00020010 */
+
+ const int GENERIC_RIGHTS_GROUP_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_GROUP_ACCESS_REMOVE_MEMBER |
+ SAMR_GROUP_ACCESS_ADD_MEMBER |
+ SAMR_GROUP_ACCESS_SET_INFO); /* 0x0002000e */
+
+ const int GENERIC_RIGHTS_GROUP_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_GROUP_ACCESS_LOOKUP_INFO); /* 0x00020001 */
+
+ /* Alias Object specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
@@ -93,6 +197,26 @@ import "misc.idl", "lsa.idl", "security.idl";
SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010
} samr_AliasAccessMask;
+ const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F;
+
+ const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */
+
+ const int GENERIC_RIGHTS_ALIAS_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_ALIAS_ACCESS_GET_MEMBERS); /* 0x00020004 */
+
+ const int GENERIC_RIGHTS_ALIAS_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_ALIAS_ACCESS_REMOVE_MEMBER |
+ SAMR_ALIAS_ACCESS_ADD_MEMBER |
+ SAMR_ALIAS_ACCESS_SET_INFO); /* 0x00020013 */
+
+ const int GENERIC_RIGHTS_ALIAS_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_ALIAS_ACCESS_LOOKUP_INFO); /* 0x00020008 */
+
/******************/
/* Function: 0x00 */
NTSTATUS samr_Connect (
diff --git a/source/librpc/idl/security.idl b/source/librpc/idl/security.idl
index c1dfe27..b06ffbc 100644
--- a/source/librpc/idl/security.idl
+++ b/source/librpc/idl/security.idl
@@ -133,6 +133,20 @@ interface security
const int SEC_RIGHTS_DIR_EXECUTE = SEC_RIGHTS_FILE_EXECUTE;
const int SEC_RIGHTS_DIR_ALL = SEC_RIGHTS_FILE_ALL;
+ /* combinations of standard masks. */
+ const int STANDARD_RIGHTS_ALL_ACCESS = SEC_STD_ALL; /* 0x001f0000 */
+ const int STANDARD_RIGHTS_MODIFY_ACCESS = SEC_STD_READ_CONTROLS; /* 0x00020000 */
+ const int STANDARD_RIGHTS_EXECUTE_ACCESS = SEC_STD_READ_CONTROLS; /* 0x00020000 */
+ const int STANDARD_RIGHTS_READ_ACCESS = SEC_STD_READ_CONTROLS; /* 0x00020000 */
+ const int STANDARD_RIGHTS_WRITE_ACCESS =
+ (SEC_STD_WRITE_OWNER |
+ SEC_STD_WRITE_DAC |
+ SEC_STD_DELETE); /* 0x000d0000 */
+ const int STANDARD_RIGHTS_REQUIRED_ACCESS =
+ (SEC_STD_DELETE |
+ SEC_STD_READ_CONTROL |
+ SEC_STD_WRITE_DAC |
+ SEC_STD_WRITE_OWNER); /* 0x000f0000 */
/***************************************************************/
/* WELL KNOWN SIDS */
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 38b0b0a..8edccb6 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -38,10 +38,10 @@
#define SAMR_USR_RIGHTS_WRITE_PW \
( READ_CONTROL_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_SET_LOC_COM )
+ SAMR_USER_ACCESS_CHANGE_PASSWORD | \
+ SAMR_USER_ACCESS_SET_LOC_COM)
#define SAMR_USR_RIGHTS_CANT_WRITE_PW \
- ( READ_CONTROL_ACCESS | SA_RIGHT_USER_SET_LOC_COM )
+ ( READ_CONTROL_ACCESS | SAMR_USER_ACCESS_SET_LOC_COM )
#define DISP_INFO_CACHE_TIMEOUT 10
@@ -91,7 +91,7 @@ static const struct generic_mapping usr_generic_mapping = {
static const struct generic_mapping usr_nopwchange_generic_mapping = {
GENERIC_RIGHTS_USER_READ,
GENERIC_RIGHTS_USER_WRITE,
- GENERIC_RIGHTS_USER_EXECUTE & ~SA_RIGHT_USER_CHANGE_PASSWORD,
+ GENERIC_RIGHTS_USER_EXECUTE & ~SAMR_USER_ACCESS_CHANGE_PASSWORD,
GENERIC_RIGHTS_USER_ALL_ACCESS};
static const struct generic_mapping grp_generic_mapping = {
GENERIC_RIGHTS_GROUP_READ,
@@ -622,7 +622,7 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_SAM_OPEN_DOMAIN,
+ SAMR_ACCESS_OPEN_DOMAIN,
"_samr_OpenDomain" );
if ( !NT_STATUS_IS_OK(status) )
@@ -791,7 +791,7 @@ NTSTATUS _samr_SetSecurity(pipes_struct *p,
if (sid_equal(&pol_sid, &dacl->aces[i].trustee)) {
ret = pdb_set_pass_can_change(sampass,
(dacl->aces[i].access_mask &
- SA_RIGHT_USER_CHANGE_PASSWORD) ?
+ SAMR_USER_ACCESS_CHANGE_PASSWORD) ?
True: False);
break;
}
@@ -803,7 +803,7 @@ NTSTATUS _samr_SetSecurity(pipes_struct *p,
}
status = access_check_samr_function(acc_granted,
- SA_RIGHT_USER_SET_ATTRIBUTES,
+ SAMR_USER_ACCESS_SET_ATTRIBUTES,
"_samr_SetSecurity");
if (NT_STATUS_IS_OK(status)) {
become_root();
@@ -990,7 +990,7 @@ NTSTATUS _samr_EnumDomainUsers(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
"_samr_EnumDomainUsers");
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -1129,7 +1129,7 @@ NTSTATUS _samr_EnumDomainGroups(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
"_samr_EnumDomainGroups");
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -1209,7 +1209,7 @@ NTSTATUS _samr_EnumDomainAliases(pipes_struct *p,
sid_string_dbg(&info->sid)));
status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
"_samr_EnumDomainAliases");
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -1482,7 +1482,7 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
--
Samba Shared Repository
More information about the samba-cvs
mailing list