[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha7-1193-gd94bbb3
Günther Deschner
gd at samba.org
Tue Apr 21 11:03:08 GMT 2009
The branch, master has been updated
via d94bbb3167f3a18d6b8a311557f228e2977249ea (commit)
via 38264bb3b86a3c9da941070f29ec08227c471d2b (commit)
from da92e54236293460e307edd52ca7f1e20c6f23ef (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d94bbb3167f3a18d6b8a311557f228e2977249ea
Author: Günther Deschner <gd at samba.org>
Date: Tue Apr 21 13:01:29 2009 +0200
s3-secdesc: remove SEC_RIGHT_MAXIMUM_ALLOWED and SEC_RIGHT_SYSTEM_SECURITY.
We had up to three incarnations of these flags in Samba3.
Guenther
commit 38264bb3b86a3c9da941070f29ec08227c471d2b
Author: Günther Deschner <gd at samba.org>
Date: Wed Apr 15 01:30:12 2009 +0200
s3-secdesc: move all winreg access bits to IDL.
Guenther
-----------------------------------------------------------------------
Summary of changes:
librpc/gen_ndr/winreg.h | 4 +++
librpc/idl/winreg.idl | 20 +++++++++++++++++++
source3/include/rpc_secdes.h | 38 -------------------------------------
source3/lib/smbconf/smbconf_reg.c | 2 +-
source3/registry/reg_api.c | 28 +++++++++++++-------------
source3/rpcclient/cmd_test.c | 2 +-
source3/utils/net_rpc.c | 6 ++--
7 files changed, 43 insertions(+), 57 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/gen_ndr/winreg.h b/librpc/gen_ndr/winreg.h
index e0300fd..103817c 100644
--- a/librpc/gen_ndr/winreg.h
+++ b/librpc/gen_ndr/winreg.h
@@ -9,6 +9,10 @@
#ifndef _HEADER_winreg
#define _HEADER_winreg
+#define REG_KEY_READ ( (STANDARD_RIGHTS_READ_ACCESS|KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY) )
+#define REG_KEY_EXECUTE ( REG_KEY_READ )
+#define REG_KEY_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|KEY_SET_VALUE|KEY_CREATE_SUB_KEY) )
+#define REG_KEY_ALL ( (STANDARD_RIGHTS_REQUIRED_ACCESS|REG_KEY_READ|REG_KEY_WRITE|KEY_CREATE_LINK) )
/* bitmap winreg_AccessMask */
#define KEY_QUERY_VALUE ( 0x00001 )
#define KEY_SET_VALUE ( 0x00002 )
diff --git a/librpc/idl/winreg.idl b/librpc/idl/winreg.idl
index b905bde..18b5edc 100644
--- a/librpc/idl/winreg.idl
+++ b/librpc/idl/winreg.idl
@@ -14,6 +14,10 @@ import "lsa.idl", "security.idl";
{
typedef bitmap security_secinfo security_secinfo;
+ /*
+ * Access Bits for registry ACLS
+ */
+
typedef [bitmap32bit] bitmap {
KEY_QUERY_VALUE = 0x00001,
KEY_SET_VALUE = 0x00002,
@@ -25,6 +29,22 @@ import "lsa.idl", "security.idl";
KEY_WOW64_32KEY = 0x00200
} winreg_AccessMask;
+ const int REG_KEY_READ = ( STANDARD_RIGHTS_READ_ACCESS |
+ KEY_QUERY_VALUE |
+ KEY_ENUMERATE_SUB_KEYS |
+ KEY_NOTIFY);
+
+ const int REG_KEY_EXECUTE = REG_KEY_READ;
+
+ const int REG_KEY_WRITE = ( STANDARD_RIGHTS_WRITE_ACCESS |
+ KEY_SET_VALUE |
+ KEY_CREATE_SUB_KEY);
+
+ const int REG_KEY_ALL = ( STANDARD_RIGHTS_REQUIRED_ACCESS |
+ REG_KEY_READ |
+ REG_KEY_WRITE |
+ KEY_CREATE_LINK);
+
typedef [public,v1_enum] enum {
REG_NONE = 0,
REG_SZ = 1,
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index c74d621..6db3f2d 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -121,9 +121,6 @@ struct standard_mapping {
#define STANDARD_RIGHTS_MASK 0x00FF0000
#define GENERIC_RIGHTS_MASK 0xF0000000
-#define SEC_RIGHT_SYSTEM_SECURITY 0x01000000
-#define SEC_RIGHT_MAXIMUM_ALLOWED 0x02000000
-
/* Generic access rights */
#define GENERIC_RIGHT_ALL_ACCESS 0x10000000
@@ -194,39 +191,4 @@ struct standard_mapping {
SA_RIGHT_FILE_WRITE_DATA | \
SA_RIGHT_FILE_READ_DATA)
-/*
- * Access Bits for registry ACLS
- */
-
-/* used by registry ACLs */
-
-#define SEC_RIGHTS_QUERY_VALUE 0x00000001
-#define SEC_RIGHTS_SET_VALUE 0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
-#define SEC_RIGHTS_NOTIFY 0x00000010
-#define SEC_RIGHTS_CREATE_LINK 0x00000020
-#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
-
-
-#define REG_KEY_READ \
- ( STANDARD_RIGHTS_READ_ACCESS |\
- SEC_RIGHTS_QUERY_VALUE |\
- SEC_RIGHTS_ENUM_SUBKEYS |\
- SEC_RIGHTS_NOTIFY )
-
-#define REG_KEY_EXECUTE REG_KEY_READ
-
-#define REG_KEY_WRITE \
- ( STANDARD_RIGHTS_WRITE_ACCESS |\
- SEC_RIGHTS_SET_VALUE |\
- SEC_RIGHTS_CREATE_SUBKEY )
-
-#define REG_KEY_ALL \
- ( STANDARD_RIGHTS_REQUIRED_ACCESS |\
- REG_KEY_READ |\
- REG_KEY_WRITE |\
- SEC_RIGHTS_CREATE_LINK )
-
-
#endif /* _RPC_SECDES_H */
diff --git a/source3/lib/smbconf/smbconf_reg.c b/source3/lib/smbconf/smbconf_reg.c
index 0ecac97..54ce534 100644
--- a/source3/lib/smbconf/smbconf_reg.c
+++ b/source3/lib/smbconf/smbconf_reg.c
@@ -567,7 +567,7 @@ static WERROR smbconf_reg_init(struct smbconf_ctx *ctx, const char *path)
}
werr = reg_open_path(ctx, ctx->path,
- SEC_RIGHTS_ENUM_SUBKEYS | REG_KEY_WRITE,
+ KEY_ENUMERATE_SUB_KEYS | REG_KEY_WRITE,
token, &rpd(ctx)->base_key);
if (!W_ERROR_IS_OK(werr)) {
goto done;
diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c
index c1a78c1..817d43b 100644
--- a/source3/registry/reg_api.c
+++ b/source3/registry/reg_api.c
@@ -272,7 +272,7 @@ WERROR reg_openkey(TALLOC_CTX *mem_ctx, struct registry_key *parent,
err = regkey_open_onelevel(mem_ctx, direct_parent,
name_component, parent->token,
- SEC_RIGHTS_ENUM_SUBKEYS, &tmp);
+ KEY_ENUMERATE_SUB_KEYS, &tmp);
SAFE_FREE(name_component);
if (!W_ERROR_IS_OK(err)) {
@@ -301,7 +301,7 @@ WERROR reg_enumkey(TALLOC_CTX *mem_ctx, struct registry_key *key,
{
WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_ENUM_SUBKEYS)) {
+ if (!(key->key->access_granted & KEY_ENUMERATE_SUB_KEYS)) {
return WERR_ACCESS_DENIED;
}
@@ -332,7 +332,7 @@ WERROR reg_enumvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
struct registry_value *val;
WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -370,7 +370,7 @@ WERROR reg_queryvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
WERROR err;
uint32 i;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -399,7 +399,7 @@ WERROR reg_queryinfokey(struct registry_key *key, uint32_t *num_subkeys,
WERROR err;
struct security_descriptor *secdesc;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -483,7 +483,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
*end = '\0';
err = reg_createkey(mem_ctx, key, path,
- SEC_RIGHTS_ENUM_SUBKEYS, &tmp, &action);
+ KEY_ENUMERATE_SUB_KEYS, &tmp, &action);
if (!W_ERROR_IS_OK(err)) {
goto done;
}
@@ -521,7 +521,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
* with ENUM_SUBKEY access.
*/
- err = reg_openkey(mem_ctx, key, "", SEC_RIGHTS_CREATE_SUBKEY,
+ err = reg_openkey(mem_ctx, key, "", KEY_CREATE_SUB_KEY,
&create_parent);
if (!W_ERROR_IS_OK(err)) {
goto done;
@@ -582,7 +582,7 @@ WERROR reg_deletekey(struct registry_key *parent, const char *path)
*end = '\0';
err = reg_openkey(mem_ctx, parent, name,
- SEC_RIGHTS_CREATE_SUBKEY, &tmp_key);
+ KEY_CREATE_SUB_KEY, &tmp_key);
W_ERROR_NOT_OK_GOTO_DONE(err);
parent = tmp_key;
@@ -608,7 +608,7 @@ WERROR reg_setvalue(struct registry_key *key, const char *name,
DATA_BLOB value_data;
int res;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -655,7 +655,7 @@ WERROR reg_deletevalue(struct registry_key *key, const char *name)
{
WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -982,7 +982,7 @@ WERROR reg_deleteallvalues(struct registry_key *key)
WERROR err;
int i;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -1038,7 +1038,7 @@ WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path,
*p = '\0';
- err = reg_openhive(mem_ctx, path, SEC_RIGHTS_ENUM_SUBKEYS, token,
+ err = reg_openhive(mem_ctx, path, KEY_ENUMERATE_SUB_KEYS, token,
&hive);
if (!W_ERROR_IS_OK(err)) {
SAFE_FREE(path);
@@ -1209,7 +1209,7 @@ WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path,
err = reg_openhive(mem_ctx, path,
(strchr(p+1, '\\') != NULL) ?
- SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+ KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
token, &hive);
if (!W_ERROR_IS_OK(err)) {
SAFE_FREE(path);
@@ -1249,7 +1249,7 @@ WERROR reg_delete_path(const struct nt_user_token *token,
err = reg_openhive(NULL, path,
(strchr(p+1, '\\') != NULL) ?
- SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+ KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
token, &hive);
if (!W_ERROR_IS_OK(err)) {
SAFE_FREE(path);
diff --git a/source3/rpcclient/cmd_test.c b/source3/rpcclient/cmd_test.c
index b7be038..85e90a1 100644
--- a/source3/rpcclient/cmd_test.c
+++ b/source3/rpcclient/cmd_test.c
@@ -45,7 +45,7 @@ static NTSTATUS cmd_testme(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
}
status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False,
- SEC_RIGHTS_QUERY_VALUE, &pol);
+ KEY_QUERY_VALUE, &pol);
if (!NT_STATUS_IS_OK(status))
goto done;
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 845ceca..29e2f4f 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -5596,7 +5596,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
return -1;
}
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, KEY_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@@ -5854,7 +5854,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc,
return -1;
};
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@@ -6011,7 +6011,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
return -1;
};
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
--
Samba Shared Repository
More information about the samba-cvs
mailing list