[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Thu Jun 3 03:02:14 MDT 2010


The branch, master has been updated
       via  614e010... s3: remove authdata.h
       via  4b342b7... s3-build: pure cosmetics, use better names for gen_ndr code pieces.
       via  84a8f04... s3-build: only include generated spoolss headers (not ndr headers).
       via  ce85181... s3: remove rpc_secdes.h completely.
       via  b6a2cea... s3-security: use shared "Standard access rights.".
       via  102b0cf... security: move generic_mapping and standard_mapping to security.idl.
       via  b5c2af9... s3-security: use shared "File Object specific access rights".
       via  37b978c... s3-security: use shared "Generic access rights".
       via  2794d2e... s3-security: use shared Security Access Masks Rights.
       via  5cf3b0b... s3-security: move ALL_SECURITY_INFORMATION to the only user.
       via  1bed525... s3-security: remove duplicate Extra W2K flags.
       via  a75436e... s3-security: use shared SECINFO_DACL define.
       via  e24a59f... s3-security: use shared SECINFO_SACL define.
       via  630c27b... s3-security: use shared SECINFO_GROUP define.
       via  415d3d5... s3-security: use shared SECINFO_OWNER define.
       via  788d7f9... s3-security: remove some more shared secdesc defines.
      from  cb1590e... Ensure we remove SMB2 cancel requests from the active queue now we don't remove them in the talloc destructor.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 614e010daad98081bb7bd03289e9350a49ad81ce
Author: Günther Deschner <gd at samba.org>
Date:   Thu Jun 3 01:45:01 2010 +0200

    s3: remove authdata.h
    
    Guenther

commit 4b342b73a6706eb6ce4b7e20d273b53583a64358
Author: Günther Deschner <gd at samba.org>
Date:   Thu Jun 3 10:25:32 2010 +0200

    s3-build: pure cosmetics, use better names for gen_ndr code pieces.
    
    Guenther

commit 84a8f0451d618ad05d451714f309ed3ab4acf57e
Author: Günther Deschner <gd at samba.org>
Date:   Thu Jun 3 09:57:50 2010 +0200

    s3-build: only include generated spoolss headers (not ndr headers).
    
    Guenther

commit ce851814305d618b20799f00de3b7e11fcd5c954
Author: Günther Deschner <gd at samba.org>
Date:   Thu Jun 3 10:49:34 2010 +0200

    s3: remove rpc_secdes.h completely.
    
    Guenther

commit b6a2cea74d90499bd3e239ab696502ae8afed30e
Author: Günther Deschner <gd at samba.org>
Date:   Thu Jun 3 10:36:05 2010 +0200

    s3-security: use shared "Standard access rights.".
    
    Guenther

commit 102b0cfe62c6486846cdfb4938a83e2be4aad912
Author: Günther Deschner <gd at samba.org>
Date:   Thu Jun 3 01:27:50 2010 +0200

    security: move generic_mapping and standard_mapping to security.idl.
    
    Guenther

commit b5c2af94475337b4769dc464a695ee29bc5e87c7
Author: Günther Deschner <gd at samba.org>
Date:   Wed Jun 2 23:57:09 2010 +0200

    s3-security: use shared "File Object specific access rights".
    
    Guenther

commit 37b978c343b5727c7257d7a0a574ba82bb0c9c0f
Author: Günther Deschner <gd at samba.org>
Date:   Wed Jun 2 23:48:15 2010 +0200

    s3-security: use shared "Generic access rights".
    
    Guenther

commit 2794d2ee7f8e088060e4b86532176673cf7c2580
Author: Günther Deschner <gd at samba.org>
Date:   Wed Jun 2 23:45:44 2010 +0200

    s3-security: use shared Security Access Masks Rights.
    
    Guenther

commit 5cf3b0bba4b45096390fb4bcfb3ad07704d56880
Author: Günther Deschner <gd at samba.org>
Date:   Wed Jun 2 23:45:14 2010 +0200

    s3-security: move ALL_SECURITY_INFORMATION to the only user.
    
    Guenther

commit 1bed5254d9ee28d1efc98f32f5a407ae4359803d
Author: Günther Deschner <gd at samba.org>
Date:   Wed Jun 2 23:39:05 2010 +0200

    s3-security: remove duplicate Extra W2K flags.
    
    Guenther

commit a75436e3ee11fa1491bfa574523269be716fc892
Author: Günther Deschner <gd at samba.org>
Date:   Wed Jun 2 23:35:44 2010 +0200

    s3-security: use shared SECINFO_DACL define.
    
    Guenther

commit e24a59f932897888cadae31469366663aca1a414
Author: Günther Deschner <gd at samba.org>
Date:   Wed Jun 2 23:29:16 2010 +0200

    s3-security: use shared SECINFO_SACL define.
    
    Guenther

commit 630c27bdad32086f16dbafdeab94d34fbc3b9b5e
Author: Günther Deschner <gd at samba.org>
Date:   Wed Jun 2 23:25:18 2010 +0200

    s3-security: use shared SECINFO_GROUP define.
    
    Guenther

commit 415d3d5fe7637e8f9a649665497d3972391750b6
Author: Günther Deschner <gd at samba.org>
Date:   Wed Jun 2 23:22:12 2010 +0200

    s3-security: use shared SECINFO_OWNER define.
    
    Guenther

commit 788d7f9e4ae76105ee481bde42e2ddb8fdac2617
Author: Günther Deschner <gd at samba.org>
Date:   Wed Jun 2 23:16:32 2010 +0200

    s3-security: remove some more shared secdesc defines.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 libgpo/gpo_ldap.c                       |    2 +-
 librpc/idl/security.idl                 |   18 ++++
 source3/Makefile.in                     |   14 ++--
 source3/include/authdata.h              |   36 --------
 source3/include/includes.h              |    1 -
 source3/include/proto.h                 |    2 -
 source3/include/rpc_secdes.h            |  149 -------------------------------
 source3/include/smb.h                   |    3 +-
 source3/lib/netapi/localgroup.c         |    2 +-
 source3/lib/netapi/user.c               |    4 +-
 source3/lib/secdesc.c                   |   15 +++-
 source3/libads/authdata.c               |    1 -
 source3/libads/disp_sec.c               |    3 +
 source3/libsmb/clikrb5.c                |    9 ++-
 source3/libsmb/clisecdesc.c             |    6 +-
 source3/modules/nfs4_acls.c             |   12 ++--
 source3/modules/onefs_acl.c             |   24 +++---
 source3/modules/vfs_acl_common.c        |   64 +++++++-------
 source3/modules/vfs_afsacl.c            |   10 +-
 source3/registry/reg_backend_printing.c |    1 +
 source3/rpc_client/init_spoolss.c       |    1 +
 source3/rpc_server/srv_eventlog_nt.c    |    4 +-
 source3/rpc_server/srv_lsa_nt.c         |    4 +-
 source3/rpc_server/srv_samr_nt.c        |   16 ++--
 source3/rpc_server/srv_spoolss_nt.c     |    4 +-
 source3/rpc_server/srv_spoolss_util.c   |    1 +
 source3/rpc_server/srv_srvsvc_nt.c      |   14 ++--
 source3/rpc_server/srv_svcctl_nt.c      |   18 ++--
 source3/rpc_server/srv_winreg_nt.c      |    4 +-
 source3/rpcclient/cmd_lsarpc.c          |    2 +-
 source3/rpcclient/cmd_samr.c            |    2 +-
 source3/smbd/file_access.c              |    8 +-
 source3/smbd/nttrans.c                  |    8 +-
 source3/smbd/open.c                     |   20 ++--
 source3/smbd/posix_acls.c               |   26 +++---
 source3/smbd/reply.c                    |    2 +-
 source3/utils/net_ads_gpo.c             |    2 +-
 source3/wscript_build                   |   12 +--
 38 files changed, 185 insertions(+), 339 deletions(-)
 delete mode 100644 source3/include/authdata.h
 delete mode 100644 source3/include/rpc_secdes.h


Changeset truncated at 500 lines:

diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c
index 66e90fb..367756d 100644
--- a/libgpo/gpo_ldap.c
+++ b/libgpo/gpo_ldap.c
@@ -485,7 +485,7 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
 		"ntSecurityDescriptor",
 		"versionNumber",
 		NULL};
-	uint32_t sd_flags = DACL_SECURITY_INFORMATION;
+	uint32_t sd_flags = SECINFO_DACL;
 
 	ZERO_STRUCTP(gpo);
 
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index fb1dc0d..7f9e7db 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -519,4 +519,22 @@ interface security
 	const string GUID_DRS_MONITOR_TOPOLOGY        = "f98340fb-7c5b-4cdb-a00b-2ebdfa115a96";
 	const string GUID_DRS_REPL_SYNCRONIZE         = "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2";
 	const string GUID_DRS_RO_REPL_SECRET_SYNC     = "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2";
+
+
+	/* A type to describe the mapping of generic access rights to object
+	   specific access rights. */
+
+	typedef struct {
+		uint32 generic_read;
+		uint32 generic_write;
+		uint32 generic_execute;
+		uint32 generic_all;
+	} generic_mapping;
+
+	typedef	struct {
+		uint32 std_read;
+		uint32 std_write;
+		uint32 std_execute;
+		uint32 std_all;
+	} standard_mapping;
 }
diff --git a/source3/Makefile.in b/source3/Makefile.in
index c33bf27..89f7073 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -319,10 +319,10 @@ RPCCLIENT_NDR_OBJ = rpc_client/ndr.o
 LIBNDR_GEN_OBJ0 = librpc/gen_ndr/ndr_samr.o \
 		  librpc/gen_ndr/ndr_lsa.o
 
-LIBNDR_GEN_OBJ1 = librpc/gen_ndr/ndr_netlogon.o \
+LIBNDR_NETLOGON_OBJ = librpc/gen_ndr/ndr_netlogon.o \
 		  ../librpc/ndr/ndr_netlogon.o
 
-LIBNDR_GEN_OBJ2 = librpc/gen_ndr/ndr_spoolss.o \
+LIBNDR_SPOOLSS_OBJ = librpc/gen_ndr/ndr_spoolss.o \
 		  ../librpc/ndr/ndr_spoolss_buf.o
 
 LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \
@@ -333,7 +333,7 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \
 		 librpc/gen_ndr/ndr_initshutdown.o \
 		 librpc/gen_ndr/ndr_srvsvc.o \
 		 librpc/gen_ndr/ndr_eventlog.o \
-		 $(LIBNDR_GEN_OBJ1) \
+		 $(LIBNDR_NETLOGON_OBJ) \
 		 librpc/gen_ndr/ndr_dssetup.o \
 		 librpc/gen_ndr/ndr_notify.o \
 		 librpc/gen_ndr/ndr_xattr.o \
@@ -341,13 +341,11 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \
 		 librpc/gen_ndr/ndr_epmapper.o \
 		 librpc/gen_ndr/ndr_named_pipe_auth.o \
 		 librpc/gen_ndr/ndr_ntsvcs.o \
-		 $(LIBNDR_GEN_OBJ2)
-
-RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o
+		 $(LIBNDR_SPOOLSS_OBJ)
 
 # this includes only the low level parse code, not stuff
 # that requires knowledge of security contexts
-RPC_PARSE_OBJ1 = $(RPC_PARSE_OBJ0)
+RPC_PARSE_OBJ1 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o
 
 RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o \
 		 rpc_client/init_netlogon.o \
@@ -1311,7 +1309,7 @@ NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \
 		$(PASSDB_OBJ) $(LIBTSOCKET_OBJ) $(GROUPDB_OBJ) \
 		$(SMBLDAP_OBJ) $(LIBNMB_OBJ) \
 		$(WBCOMMON_OBJ) \
-		$(LIBNDR_GEN_OBJ0) $(LIBNDR_GEN_OBJ1) @BUILD_INIPARSER@
+		$(LIBNDR_GEN_OBJ0) $(LIBNDR_NETLOGON_OBJ) @BUILD_INIPARSER@
 
 
 VLP_OBJ = printing/tests/vlp.o \
diff --git a/source3/include/authdata.h b/source3/include/authdata.h
deleted file mode 100644
index f9578aa..0000000
--- a/source3/include/authdata.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   Kerberos authorization data
-   Copyright (C) Jim McDonough <jmcd at us.ibm.com> 2003
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _AUTHDATA_H
-#define _AUTHDATA_H
-
-#define PAC_TYPE_LOGON_INFO 1
-#define PAC_TYPE_SERVER_CHECKSUM 6
-#define PAC_TYPE_PRIVSVR_CHECKSUM 7
-#define PAC_TYPE_LOGON_NAME 10
-
-#ifndef KRB5_AUTHDATA_WIN2K_PAC
-#define KRB5_AUTHDATA_WIN2K_PAC 128
-#endif
-
-#ifndef KRB5_AUTHDATA_IF_RELEVANT
-#define KRB5_AUTHDATA_IF_RELEVANT 1
-#endif
-
-#endif
diff --git a/source3/include/includes.h b/source3/include/includes.h
index de1d419..02a8494 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -649,7 +649,6 @@ extern void *cmdline_lp_ctx;
 #include "rpc_dce.h"
 #include "mapping.h"
 #include "passdb.h"
-#include "rpc_secdes.h"
 #include "msdfs.h"
 
 struct ntlmssp_state;
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5d8a997..590f3fb 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2046,8 +2046,6 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
 ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
 				       char **returned_principal);
 
-#include "librpc/gen_ndr/ndr_spoolss.h"
-
 /* The following definitions come from librpc/ndr/util.c  */
 
 enum ndr_err_code ndr_push_server_id(struct ndr_push *ndr, int ndr_flags, const struct server_id *r);
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
deleted file mode 100644
index e21767e..0000000
--- a/source3/include/rpc_secdes.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   SMB parameters and setup
-   Copyright (C) Andrew Tridgell              1992-2000
-   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _RPC_SECDES_H /* _RPC_SECDES_H */
-#define _RPC_SECDES_H 
-
-/* for ADS */
-#define SEC_RIGHTS_FULL_CTRL		0xf01ff
-
-/*
- * New Windows 2000 bits.
- */
-#define SE_DESC_DACL_AUTO_INHERIT_REQ	0x0100
-#define SE_DESC_SACL_AUTO_INHERIT_REQ	0x0200
-#define SE_DESC_DACL_AUTO_INHERITED	0x0400
-#define SE_DESC_SACL_AUTO_INHERITED	0x0800
-#define SE_DESC_DACL_PROTECTED		0x1000
-#define SE_DESC_SACL_PROTECTED		0x2000
-
-/* security information */
-#define OWNER_SECURITY_INFORMATION	0x00000001
-#define GROUP_SECURITY_INFORMATION	0x00000002
-#define DACL_SECURITY_INFORMATION	0x00000004
-#define SACL_SECURITY_INFORMATION	0x00000008
-/* Extra W2K flags. */
-#define UNPROTECTED_SACL_SECURITY_INFORMATION	0x10000000
-#define UNPROTECTED_DACL_SECURITY_INFORMATION	0x20000000
-#define PROTECTED_SACL_SECURITY_INFORMATION	0x40000000
-#define PROTECTED_DACL_SECURITY_INFORMATION	0x80000000
-
-#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
-					DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\
-					UNPROTECTED_SACL_SECURITY_INFORMATION|\
-					UNPROTECTED_DACL_SECURITY_INFORMATION|\
-					PROTECTED_SACL_SECURITY_INFORMATION|\
-					PROTECTED_DACL_SECURITY_INFORMATION)
-
-/* A type to describe the mapping of generic access rights to object
-   specific access rights. */
-
-struct generic_mapping {
-	uint32 generic_read;
-	uint32 generic_write;
-	uint32 generic_execute;
-	uint32 generic_all;
-};
-
-struct standard_mapping {
-	uint32 std_read;
-	uint32 std_write;
-	uint32 std_execute;
-	uint32 std_all;
-};
-
-
-/* Security Access Masks Rights */
-
-#define SPECIFIC_RIGHTS_MASK	0x0000FFFF
-#define STANDARD_RIGHTS_MASK	0x00FF0000
-#define GENERIC_RIGHTS_MASK	0xF0000000
-
-/* Generic access rights */
-
-#define GENERIC_RIGHT_ALL_ACCESS	0x10000000
-#define GENERIC_RIGHT_EXECUTE_ACCESS	0x20000000
-#define GENERIC_RIGHT_WRITE_ACCESS	0x40000000
-#define GENERIC_RIGHT_READ_ACCESS	0x80000000
-
-/* Standard access rights. */
-
-#define STD_RIGHT_DELETE_ACCESS		0x00010000
-#define STD_RIGHT_READ_CONTROL_ACCESS	0x00020000
-#define STD_RIGHT_WRITE_DAC_ACCESS	0x00040000
-#define STD_RIGHT_WRITE_OWNER_ACCESS	0x00080000
-#define STD_RIGHT_SYNCHRONIZE_ACCESS	0x00100000
-
-#define STD_RIGHT_ALL_ACCESS		0x001F0000
-
-/* File Object specific access rights */
-
-#define SA_RIGHT_FILE_READ_DATA		0x00000001
-#define SA_RIGHT_FILE_WRITE_DATA	0x00000002
-#define SA_RIGHT_FILE_APPEND_DATA	0x00000004
-#define SA_RIGHT_FILE_READ_EA		0x00000008
-#define SA_RIGHT_FILE_WRITE_EA		0x00000010
-#define SA_RIGHT_FILE_EXECUTE		0x00000020
-#define SA_RIGHT_FILE_DELETE_CHILD	0x00000040
-#define SA_RIGHT_FILE_READ_ATTRIBUTES	0x00000080
-#define SA_RIGHT_FILE_WRITE_ATTRIBUTES	0x00000100
-
-#define SA_RIGHT_FILE_ALL_ACCESS	0x000001FF
-
-#define GENERIC_RIGHTS_FILE_ALL_ACCESS \
-		(STANDARD_RIGHTS_REQUIRED_ACCESS| \
-		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
-		SA_RIGHT_FILE_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_FILE_READ	\
-		(STANDARD_RIGHTS_READ_ACCESS	| \
-		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
-		SA_RIGHT_FILE_READ_DATA		| \
-		SA_RIGHT_FILE_READ_ATTRIBUTES	| \
-		SA_RIGHT_FILE_READ_EA)
-
-#define GENERIC_RIGHTS_FILE_WRITE \
-		(STANDARD_RIGHTS_WRITE_ACCESS	| \
-		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
-		SA_RIGHT_FILE_WRITE_DATA	| \
-		SA_RIGHT_FILE_WRITE_ATTRIBUTES	| \
-		SA_RIGHT_FILE_WRITE_EA		| \
-		SA_RIGHT_FILE_APPEND_DATA)
-
-#define GENERIC_RIGHTS_FILE_EXECUTE \
-		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
-		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
-		SA_RIGHT_FILE_READ_ATTRIBUTES	| \
-		SA_RIGHT_FILE_EXECUTE)            
-
-#define GENERIC_RIGHTS_FILE_MODIFY \
-		(STANDARD_RIGHTS_MODIFY_ACCESS	| \
-		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
-		STD_RIGHT_DELETE_ACCESS		| \
-		SA_RIGHT_FILE_WRITE_ATTRIBUTES	| \
-		SA_RIGHT_FILE_READ_ATTRIBUTES	| \
-		SA_RIGHT_FILE_EXECUTE		| \
-		SA_RIGHT_FILE_WRITE_EA		| \
-		SA_RIGHT_FILE_READ_EA		| \
-		SA_RIGHT_FILE_APPEND_DATA	| \
-		SA_RIGHT_FILE_WRITE_DATA	| \
-		SA_RIGHT_FILE_READ_DATA)
-
-#endif /* _RPC_SECDES_H */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 89b3572..d20a04e 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -201,6 +201,7 @@ typedef union unid_t {
 #include "librpc/gen_ndr/epmapper.h"
 #include "librpc/gen_ndr/krb5pac.h"
 #include "librpc/gen_ndr/dcerpc.h"
+#include "librpc/gen_ndr/spoolss.h"
 
 struct lsa_dom_info {
 	bool valid;
@@ -1234,7 +1235,7 @@ struct bitmap {
 			   SYNCHRONIZE_ACCESS)
 
 /* This maps to 0x120116 */
-#define FILE_GENERIC_WRITE (STD_RIGHT_READ_CONTROL_ACCESS|\
+#define FILE_GENERIC_WRITE (SEC_STD_READ_CONTROL|\
 			    FILE_WRITE_DATA|\
 			    FILE_WRITE_ATTRIBUTES|\
 			    FILE_WRITE_EA|\
diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c
index dd0f8d2..f883232 100644
--- a/source3/lib/netapi/localgroup.c
+++ b/source3/lib/netapi/localgroup.c
@@ -934,7 +934,7 @@ static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX *mem_ctx,
 
 	status = rpccli_lsa_open_policy2(lsa_pipe, mem_ctx,
 					 false,
-					 STD_RIGHT_READ_CONTROL_ACCESS |
+					 SEC_STD_READ_CONTROL |
 					 LSA_POLICY_VIEW_LOCAL_INFORMATION |
 					 LSA_POLICY_LOOKUP_NAMES,
 					 &lsa_handle);
diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
index e291193..c586d11 100644
--- a/source3/lib/netapi/user.c
+++ b/source3/lib/netapi/user.c
@@ -1770,8 +1770,8 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
 				    SAMR_USER_ACCESS_GET_GROUPS;
 			break;
 		case 3:
-			user_mask = STD_RIGHT_READ_CONTROL_ACCESS |
-				    STD_RIGHT_WRITE_DAC_ACCESS |
+			user_mask = SEC_STD_READ_CONTROL |
+				    SEC_STD_WRITE_DAC |
 				    SAMR_USER_ACCESS_GET_GROUPS |
 				    SAMR_USER_ACCESS_SET_PASSWORD |
 				    SAMR_USER_ACCESS_SET_ATTRIBUTES |
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index fc40b9e..b9ed955 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -23,6 +23,13 @@
 #include "includes.h"
 #include "../librpc/gen_ndr/ndr_security.h"
 
+#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
+					SECINFO_DACL|SECINFO_SACL|\
+					SECINFO_UNPROTECTED_SACL|\
+					SECINFO_UNPROTECTED_DACL|\
+					SECINFO_PROTECTED_SACL|\
+					SECINFO_PROTECTED_DACL)
+
 /* Map generic permissions to file object specific permissions */
 
 const struct generic_mapping file_generic_mapping = {
@@ -43,16 +50,16 @@ uint32_t get_sec_info(const struct security_descriptor *sd)
 	SMB_ASSERT(sd);
 
 	if (sd->owner_sid == NULL) {
-		sec_info &= ~OWNER_SECURITY_INFORMATION;
+		sec_info &= ~SECINFO_OWNER;
 	}
 	if (sd->group_sid == NULL) {
-		sec_info &= ~GROUP_SECURITY_INFORMATION;
+		sec_info &= ~SECINFO_GROUP;
 	}
 	if (sd->sacl == NULL) {
-		sec_info &= ~SACL_SECURITY_INFORMATION;
+		sec_info &= ~SECINFO_SACL;
 	}
 	if (sd->dacl == NULL) {
-		sec_info &= ~DACL_SECURITY_INFORMATION;
+		sec_info &= ~SECINFO_DACL;
 	}
 
 	return sec_info;
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index f76f6df..305b607 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -25,7 +25,6 @@
 #include "includes.h"
 #include "librpc/gen_ndr/ndr_krb5pac.h"
 #include "smb_krb5.h"
-#include "authdata.h"
 
 #ifdef HAVE_KRB5
 
diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c
index ad07ffc..89baaf2 100644
--- a/source3/libads/disp_sec.c
+++ b/source3/libads/disp_sec.c
@@ -19,6 +19,9 @@
 
 #include "includes.h"
 
+/* for ADS */
+#define SEC_RIGHTS_FULL_CTRL		0xf01ff
+
 #ifdef HAVE_LDAP
 
 static struct perm_mask_str {
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 04c9bbf..098d633 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -20,9 +20,16 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+#ifndef KRB5_AUTHDATA_WIN2K_PAC
+#define KRB5_AUTHDATA_WIN2K_PAC 128
+#endif
+
+#ifndef KRB5_AUTHDATA_IF_RELEVANT
+#define KRB5_AUTHDATA_IF_RELEVANT 1
+#endif
+
 #include "includes.h"
 #include "smb_krb5.h"
-#include "authdata.h"
 
 #ifdef HAVE_KRB5
 
diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c
index b6eff39..1fc3da0 100644
--- a/source3/libsmb/clisecdesc.c
+++ b/source3/libsmb/clisecdesc.c
@@ -91,11 +91,11 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr
 	SIVAL(param, 0, fnum);
 
 	if (sd->dacl)
-		sec_info |= DACL_SECURITY_INFORMATION;
+		sec_info |= SECINFO_DACL;
 	if (sd->owner_sid)
-		sec_info |= OWNER_SECURITY_INFORMATION;
+		sec_info |= SECINFO_OWNER;
 	if (sd->group_sid)
-		sec_info |= GROUP_SECURITY_INFORMATION;
+		sec_info |= SECINFO_GROUP;
 	SSVAL(param, 4, sec_info);
 
 	if (!cli_send_nt_trans(cli, 
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 875f18c..83e8f38 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -322,8 +322,8 @@ static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf,
 
 	DEBUG(10,("after make sec_acl\n"));
 	*ppdesc = make_sec_desc(mem_ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
-	                        (security_info & OWNER_SECURITY_INFORMATION) ? &sid_owner : NULL,
-	                        (security_info & GROUP_SECURITY_INFORMATION) ? &sid_group : NULL,
+	                        (security_info & SECINFO_OWNER) ? &sid_owner : NULL,
+	                        (security_info & SECINFO_GROUP) ? &sid_group : NULL,
 	                        NULL, psa, &sd_size);
 	if (*ppdesc==NULL) {
 		DEBUG(2,("make_sec_desc failed\n"));
@@ -553,7 +553,7 @@ static bool smbacl4_fill_ace4(
 	ace_v4->aceType = ace_nt->type; /* only ACCESS|DENY supported right now */
 	ace_v4->aceFlags = ace_nt->flags & SEC_ACE_FLAG_VALID_INHERIT;
 	ace_v4->aceMask = ace_nt->access_mask &
-		(STD_RIGHT_ALL_ACCESS | SA_RIGHT_FILE_ALL_ACCESS);
+		(SEC_STD_ALL | SEC_FILE_ALL);
 
 	se_map_generic(&ace_v4->aceMask, &file_generic_mapping);
 
@@ -734,8 +734,8 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
 
 	DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp)));
 
-	if ((security_info_sent & (DACL_SECURITY_INFORMATION |
-		GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION)) == 0)
+	if ((security_info_sent & (SECINFO_DACL |
+		SECINFO_GROUP | SECINFO_OWNER)) == 0)


-- 
Samba Shared Repository


More information about the samba-cvs mailing list