sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-22 05:57:43 +03:00
Code

r4011: get rid of rpc_secdes.h and replace it with a single sane set of

Browse Source 
definitions for security access masks, in security.idl

The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
This commit is contained in:
Andrew Tridgell 2004-11-30 04:33:27 +00:00 committed by Gerald (Jerry) Carter
parent 2ed4ff13d5
commit fdc9f417d8
41 changed files with 450 additions and 646 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
source4/include/includes.h
View File

@ -169,7 +169,6 @@ extern int errno;
#include "enums.h"
#include "pstring.h"
#include "smb_macros.h"
#include "rpc_secdes.h"
#include "smb.h"
#include "ads.h"
#include "lib/socket/socket.h"

344
source4/include/rpc_secdes.h
View File

@ -1,344 +0,0 @@
/*
Unix SMB/CIFS implementation.
SMB parameters and setup
Copyright (C) Andrew Tridgell 1992-2000
Copyright (C) Luke Kenneth Casson Leighton 1996-2000
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
typedef struct security_descriptor SEC_DESC;
#ifndef _RPC_SECDES_H /* _RPC_SECDES_H */
#define _RPC_SECDES_H
#define SEC_RIGHTS_QUERY_VALUE 0x00000001
#define SEC_RIGHTS_SET_VALUE 0x00000002
#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
#define SEC_RIGHTS_NOTIFY 0x00000010
#define SEC_RIGHTS_CREATE_LINK 0x00000020
#define SEC_RIGHTS_READ 0x00020019
#define SEC_RIGHTS_FULL_CONTROL 0x000f003f
#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
/* for ADS */
#define SEC_RIGHTS_LIST_CONTENTS 0x4
#define SEC_RIGHTS_LIST_OBJECT 0x80
#define SEC_RIGHTS_READ_ALL_PROP 0x10
#define SEC_RIGHTS_READ_PERMS 0x20000
#define SEC_RIGHTS_WRITE_ALL_VALID 0x8
#define SEC_RIGHTS_WRITE_ALL_PROP 0x20
#define SEC_RIGHTS_MODIFY_OWNER 0x80000
#define SEC_RIGHTS_MODIFY_PERMS 0x40000
#define SEC_RIGHTS_CREATE_CHILD 0x1
#define SEC_RIGHTS_DELETE_CHILD 0x2
#define SEC_RIGHTS_DELETE_SUBTREE 0x40
#define SEC_RIGHTS_DELETE 0x10000 /* advanced/special/object/delete */
#define SEC_RIGHTS_EXTENDED 0x100 /* change/reset password, receive/send as*/
#define SEC_RIGHTS_CHANGE_PASSWD SEC_RIGHTS_EXTENDED
#define SEC_RIGHTS_RESET_PASSWD SEC_RIGHTS_EXTENDED
#define SEC_RIGHTS_FULL_CTRL 0xf01ff
/* Don't know what this means. */
/* security information flags used in query_secdesc and set_secdesc */
#define OWNER_SECURITY_INFORMATION 0x00000001
#define GROUP_SECURITY_INFORMATION 0x00000002
#define DACL_SECURITY_INFORMATION 0x00000004
#define SACL_SECURITY_INFORMATION 0x00000008
/* Extra W2K flags. */
#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000
#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000
#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000
#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\
UNPROTECTED_SACL_SECURITY_INFORMATION|\
UNPROTECTED_DACL_SECURITY_INFORMATION|\
PROTECTED_SACL_SECURITY_INFORMATION|\
PROTECTED_DACL_SECURITY_INFORMATION)
#ifndef ACL_REVISION
#define ACL_REVISION 0x3
#endif
#ifndef NT4_ACL_REVISION
#define NT4_ACL_REVISION 0x2
#endif
#ifndef SEC_DESC_REVISION
#define SEC_DESC_REVISION 0x1
#endif
/* Security Access Masks Rights */
#define SPECIFIC_RIGHTS_MASK 0x0000FFFF
#define STANDARD_RIGHTS_MASK 0x00FF0000
#define GENERIC_RIGHTS_MASK 0xF0000000
#define SEC_RIGHT_SYSTEM_SECURITY 0x01000000
#define SEC_RIGHT_MAXIMUM_ALLOWED 0x02000000
/* Generic access rights */
#define GENERIC_RIGHT_ALL_ACCESS 0x10000000
#define GENERIC_RIGHT_EXECUTE_ACCESS 0x20000000
#define GENERIC_RIGHT_WRITE_ACCESS 0x40000000
#define GENERIC_RIGHT_READ_ACCESS 0x80000000
/* Standard access rights. */
#define STD_RIGHT_DELETE_ACCESS 0x00010000
#define STD_RIGHT_READ_CONTROL_ACCESS 0x00020000
#define STD_RIGHT_WRITE_DAC_ACCESS 0x00040000
#define STD_RIGHT_WRITE_OWNER_ACCESS 0x00080000
#define STD_RIGHT_SYNCHRONIZE_ACCESS 0x00100000
#define STD_RIGHT_ALL_ACCESS 0x001F0000
/* Combinations of standard masks. */
#define STANDARD_RIGHTS_ALL_ACCESS STD_RIGHT_ALL_ACCESS /* 0x001f0000 */
#define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
#define STANDARD_RIGHTS_READ_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
#define STANDARD_RIGHTS_WRITE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
#define STANDARD_RIGHTS_REQUIRED_ACCESS \
(STD_RIGHT_DELETE_ACCESS | \
STD_RIGHT_READ_CONTROL_ACCESS | \
STD_RIGHT_WRITE_DAC_ACCESS | \
STD_RIGHT_WRITE_OWNER_ACCESS) /* 0x000f0000 */
/* File Object specific access rights */
#define SA_RIGHT_FILE_READ_DATA 0x00000001
#define SA_RIGHT_FILE_WRITE_DATA 0x00000002
#define SA_RIGHT_FILE_APPEND_DATA 0x00000004
#define SA_RIGHT_FILE_READ_EA 0x00000008
#define SA_RIGHT_FILE_WRITE_EA 0x00000010
#define SA_RIGHT_FILE_EXECUTE 0x00000020
#define SA_RIGHT_FILE_DELETE_CHILD 0x00000040
#define SA_RIGHT_FILE_READ_ATTRIBUTES 0x00000080
#define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x00000100
#define SA_RIGHT_FILE_READ_EXEC (SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_EXECUTE)
#define SA_RIGHT_FILE_WRITE_APPEND (SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_APPEND_DATA)
#define SA_RIGHT_FILE_ALL_ACCESS 0x000001FF
#define GENERIC_RIGHTS_FILE_ALL_ACCESS \
(STANDARD_RIGHTS_REQUIRED_ACCESS| \
STD_RIGHT_SYNCHRONIZE_ACCESS | \
SA_RIGHT_FILE_ALL_ACCESS)
#define GENERIC_RIGHTS_FILE_READ \
(STANDARD_RIGHTS_READ_ACCESS | \
STD_RIGHT_SYNCHRONIZE_ACCESS | \
SA_RIGHT_FILE_READ_DATA | \
SA_RIGHT_FILE_READ_ATTRIBUTES | \
SA_RIGHT_FILE_READ_EA)
#define GENERIC_RIGHTS_FILE_WRITE \
(STANDARD_RIGHTS_WRITE_ACCESS | \
STD_RIGHT_SYNCHRONIZE_ACCESS | \
SA_RIGHT_FILE_WRITE_DATA | \
SA_RIGHT_FILE_WRITE_ATTRIBUTES | \
SA_RIGHT_FILE_WRITE_EA | \
SA_RIGHT_FILE_APPEND_DATA)
#define GENERIC_RIGHTS_FILE_EXECUTE \
(STANDARD_RIGHTS_EXECUTE_ACCESS | \
SA_RIGHT_FILE_READ_ATTRIBUTES | \
SA_RIGHT_FILE_EXECUTE)
/* directory specific access rights */
#define SA_RIGHT_DIR_LIST 0x0001
#define SA_RIGHT_DIR_ADD_FILE 0x0002
#define SA_RIGHT_DIR_ADD_SUBDIRECTORY 0x0004
#define SA_RIGHT_DIR_TRAVERSE 0x0020
#define SA_RIGHT_DIR_DELETE_CHILD 0x0040
/* SAM server specific access rights */
#define SA_RIGHT_SAM_CONNECT_SERVER 0x00000001
#define SA_RIGHT_SAM_SHUTDOWN_SERVER 0x00000002
#define SA_RIGHT_SAM_INITIALISE_SERVER 0x00000004
#define SA_RIGHT_SAM_CREATE_DOMAIN 0x00000008
#define SA_RIGHT_SAM_ENUM_DOMAINS 0x00000010
#define SA_RIGHT_SAM_OPEN_DOMAIN 0x00000020
#define SA_RIGHT_SAM_ALL_ACCESS 0x0000003F
#define GENERIC_RIGHTS_SAM_ALL_ACCESS \
(STANDARD_RIGHTS_REQUIRED_ACCESS| \
SA_RIGHT_SAM_ALL_ACCESS)
#define GENERIC_RIGHTS_SAM_READ \
(STANDARD_RIGHTS_READ_ACCESS | \
SA_RIGHT_SAM_ENUM_DOMAINS)
#define GENERIC_RIGHTS_SAM_WRITE \
(STANDARD_RIGHTS_WRITE_ACCESS | \
SA_RIGHT_SAM_CREATE_DOMAIN | \
SA_RIGHT_SAM_INITIALISE_SERVER | \
SA_RIGHT_SAM_SHUTDOWN_SERVER)
#define GENERIC_RIGHTS_SAM_EXECUTE \
(STANDARD_RIGHTS_EXECUTE_ACCESS | \
SA_RIGHT_SAM_OPEN_DOMAIN | \
SA_RIGHT_SAM_CONNECT_SERVER)
/* Domain Object specific access rights */
#define SA_RIGHT_DOMAIN_LOOKUP_INFO_1 0x00000001
#define SA_RIGHT_DOMAIN_SET_INFO_1 0x00000002
#define SA_RIGHT_DOMAIN_LOOKUP_INFO_2 0x00000004
#define SA_RIGHT_DOMAIN_SET_INFO_2 0x00000008
#define SA_RIGHT_DOMAIN_CREATE_USER 0x00000010
#define SA_RIGHT_DOMAIN_CREATE_GROUP 0x00000020
#define SA_RIGHT_DOMAIN_CREATE_ALIAS 0x00000040
#define SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM 0x00000080
#define SA_RIGHT_DOMAIN_ENUM_ACCOUNTS 0x00000100
#define SA_RIGHT_DOMAIN_OPEN_ACCOUNT 0x00000200
#define SA_RIGHT_DOMAIN_SET_INFO_3 0x00000400
#define SA_RIGHT_DOMAIN_ALL_ACCESS 0x000007FF
#define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS \
(STANDARD_RIGHTS_REQUIRED_ACCESS| \
SA_RIGHT_DOMAIN_ALL_ACCESS)
#define GENERIC_RIGHTS_DOMAIN_READ \
(STANDARD_RIGHTS_READ_ACCESS | \
SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM | \
SA_RIGHT_DOMAIN_LOOKUP_INFO_2)
#define GENERIC_RIGHTS_DOMAIN_WRITE \
(STANDARD_RIGHTS_WRITE_ACCESS | \
SA_RIGHT_DOMAIN_SET_INFO_3 | \
SA_RIGHT_DOMAIN_CREATE_ALIAS | \
SA_RIGHT_DOMAIN_CREATE_GROUP | \
SA_RIGHT_DOMAIN_CREATE_USER | \
SA_RIGHT_DOMAIN_SET_INFO_2 | \
SA_RIGHT_DOMAIN_SET_INFO_1)
#define GENERIC_RIGHTS_DOMAIN_EXECUTE \
(STANDARD_RIGHTS_EXECUTE_ACCESS | \
SA_RIGHT_DOMAIN_OPEN_ACCOUNT | \
SA_RIGHT_DOMAIN_ENUM_ACCOUNTS | \
SA_RIGHT_DOMAIN_LOOKUP_INFO_1)
/* User Object specific access rights */
#define SA_RIGHT_USER_GET_NAME_ETC 0x00000001
#define SA_RIGHT_USER_GET_LOCALE 0x00000002
#define SA_RIGHT_USER_SET_LOC_COM 0x00000004
#define SA_RIGHT_USER_GET_LOGONINFO 0x00000008
#define SA_RIGHT_USER_ACCT_FLAGS_EXPIRY 0x00000010
#define SA_RIGHT_USER_SET_ATTRIBUTES 0x00000020
#define SA_RIGHT_USER_CHANGE_PASSWORD 0x00000040
#define SA_RIGHT_USER_SET_PASSWORD 0x00000080
#define SA_RIGHT_USER_GET_GROUPS 0x00000100
#define SA_RIGHT_USER_READ_GROUP_MEM 0x00000200
#define SA_RIGHT_USER_CHANGE_GROUP_MEM 0x00000400
#define SA_RIGHT_USER_ALL_ACCESS 0x000007FF
#define GENERIC_RIGHTS_USER_ALL_ACCESS \
(STANDARD_RIGHTS_REQUIRED_ACCESS| \
SA_RIGHT_USER_ALL_ACCESS) /* 0x000f07ff */
#define GENERIC_RIGHTS_USER_READ \
(STANDARD_RIGHTS_READ_ACCESS | \
SA_RIGHT_USER_READ_GROUP_MEM | \
SA_RIGHT_USER_GET_GROUPS | \
SA_RIGHT_USER_ACCT_FLAGS_EXPIRY | \
SA_RIGHT_USER_GET_LOGONINFO | \
SA_RIGHT_USER_GET_LOCALE) /* 0x0002031a */
#define GENERIC_RIGHTS_USER_WRITE \
(STANDARD_RIGHTS_WRITE_ACCESS | \
SA_RIGHT_USER_CHANGE_PASSWORD | \
SA_RIGHT_USER_SET_LOC_COM) /* 0x00020044 */
#define GENERIC_RIGHTS_USER_EXECUTE \
(STANDARD_RIGHTS_EXECUTE_ACCESS | \
SA_RIGHT_USER_CHANGE_PASSWORD | \
SA_RIGHT_USER_GET_NAME_ETC ) /* 0x00020041 */
/* Group Object specific access rights */
#define SA_RIGHT_GROUP_LOOKUP_INFO 0x00000001
#define SA_RIGHT_GROUP_SET_INFO 0x00000002
#define SA_RIGHT_GROUP_ADD_MEMBER 0x00000004
#define SA_RIGHT_GROUP_REMOVE_MEMBER 0x00000008
#define SA_RIGHT_GROUP_GET_MEMBERS 0x00000010
#define SA_RIGHT_GROUP_ALL_ACCESS 0x0000001F
#define GENERIC_RIGHTS_GROUP_ALL_ACCESS \
(STANDARD_RIGHTS_REQUIRED_ACCESS| \
SA_RIGHT_GROUP_ALL_ACCESS) /* 0x000f001f */
#define GENERIC_RIGHTS_GROUP_READ \
(STANDARD_RIGHTS_READ_ACCESS | \
SA_RIGHT_GROUP_GET_MEMBERS) /* 0x00020010 */
#define GENERIC_RIGHTS_GROUP_WRITE \
(STANDARD_RIGHTS_WRITE_ACCESS | \
SA_RIGHT_GROUP_REMOVE_MEMBER | \
SA_RIGHT_GROUP_ADD_MEMBER | \
SA_RIGHT_GROUP_SET_INFO ) /* 0x0002000e */
#define GENERIC_RIGHTS_GROUP_EXECUTE \
(STANDARD_RIGHTS_EXECUTE_ACCESS | \
SA_RIGHT_GROUP_LOOKUP_INFO) /* 0x00020001 */
/* Alias Object specific access rights */
#define SA_RIGHT_ALIAS_ADD_MEMBER 0x00000001
#define SA_RIGHT_ALIAS_REMOVE_MEMBER 0x00000002
#define SA_RIGHT_ALIAS_GET_MEMBERS 0x00000004
#define SA_RIGHT_ALIAS_LOOKUP_INFO 0x00000008
#define SA_RIGHT_ALIAS_SET_INFO 0x00000010
#define SA_RIGHT_ALIAS_ALL_ACCESS 0x0000001F
#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS \
(STANDARD_RIGHTS_REQUIRED_ACCESS| \
SA_RIGHT_ALIAS_ALL_ACCESS) /* 0x000f001f */
#define GENERIC_RIGHTS_ALIAS_READ \
(STANDARD_RIGHTS_READ_ACCESS | \
SA_RIGHT_ALIAS_GET_MEMBERS ) /* 0x00020004 */
#define GENERIC_RIGHTS_ALIAS_WRITE \
(STANDARD_RIGHTS_WRITE_ACCESS | \
SA_RIGHT_ALIAS_REMOVE_MEMBER | \
SA_RIGHT_ALIAS_ADD_MEMBER | \
SA_RIGHT_ALIAS_SET_INFO ) /* 0x00020013 */
#define GENERIC_RIGHTS_ALIAS_EXECUTE \
(STANDARD_RIGHTS_EXECUTE_ACCESS | \
SA_RIGHT_ALIAS_LOOKUP_INFO ) /* 0x00020008 */
#endif /* _RPC_SECDES_H */

2
source4/include/structs.h
View File

@ -125,3 +125,5 @@ struct ldb_message;
struct security_token;
struct security_acl;
struct security_ace;
typedef struct security_descriptor SEC_DESC;

94
source4/librpc/idl/security.idl
View File

@ -6,6 +6,90 @@
interface security
{
/*
access masks are divided up like this:
0xabccdddd
where
a = generic rights bits SEC_GENERIC_
b = flags SEC_FLAG_
c = standard rights bits SEC_STD_
d = object type specific bits SEC_{FILE,DIR,REG,xxx}_
common combinations of bits are prefixed with SEC_RIGHTS_
*/
const int SEC_MASK_GENERIC = 0xF0000000;
const int SEC_MASK_FLAGS = 0x0F000000;
const int SEC_MASK_STANDARD = 0x00FF0000;
const int SEC_MASK_SPECIFIC = 0x0000FFFF;
/* generic bits */
const int SEC_GENERIC_ALL = 0x10000000;
const int SEC_GENERIC_EXECUTE = 0x20000000;
const int SEC_GENERIC_WRITE = 0x40000000;
const int SEC_GENERIC_READ = 0x80000000;
/* flag bits */
const int SEC_FLAG_SYSTEM_SECURITY = 0x01000000;
const int SEC_FLAG_MAXIMUM_ALLOWED = 0x02000000;
/* standard bits */
const int SEC_STD_DELETE = 0x00010000;
const int SEC_STD_READ_CONTROL = 0x00020000;
const int SEC_STD_WRITE_DAC = 0x00040000;
const int SEC_STD_WRITE_OWNER = 0x00080000;
const int SEC_STD_SYNCHRONIZE = 0x00100000;
const int SEC_STD_REQUIRED = 0x000F0000;
const int SEC_STD_ALL = 0x001F0000;
/* file specific bits */
const int SEC_FILE_READ_DATA = 0x00000001;
const int SEC_FILE_WRITE_DATA = 0x00000002;
const int SEC_FILE_APPEND_DATA = 0x00000004;
const int SEC_FILE_READ_EA = 0x00000008;
const int SEC_FILE_WRITE_EA = 0x00000010;
const int SEC_FILE_EXECUTE = 0x00000020;
const int SEC_FILE_READ_ATTRIBUTE = 0x00000080;
const int SEC_FILE_WRITE_ATTRIBUTE = 0x00000100;
const int SEC_FILE_ALL = 0x000001ff;
/* directory specific bits */
const int SEC_DIR_LIST = 0x00000001;
const int SEC_DIR_ADD_FILE = 0x00000002;
const int SEC_DIR_ADD_SUBDIR = 0x00000004;
const int SEC_DIR_READ_EA = 0x00000008;
const int SEC_DIR_WRITE_EA = 0x00000010;
const int SEC_DIR_TRAVERSE = 0x00000020;
const int SEC_DIR_DELETE_CHILD = 0x00000040;
const int SEC_DIR_READ_ATTRIBUTE = 0x00000080;
const int SEC_DIR_WRITE_ATTRIBUTE = 0x00000100;
/* registry entry specific bits */
const int SEC_REG_QUERY_VALUE = 0x00000001;
const int SEC_REG_SET_VALUE = 0x00000002;
const int SEC_REG_CREATE_SUBKEY = 0x00000004;
const int SEC_REG_ENUM_SUBKEYS = 0x00000008;
const int SEC_REG_NOTIFY = 0x00000010;
const int SEC_REG_CREATE_LINK = 0x00000020;
/* common combinations of bits */
const int SEC_RIGHTS_FULL_CONTROL = SEC_STD_ALL | SEC_FILE_ALL;
const int SEC_RIGHTS_FILE_READ = SEC_STD_READ_CONTROL |
SEC_STD_SYNCHRONIZE |
SEC_FILE_READ_DATA |
SEC_FILE_READ_ATTRIBUTE |
SEC_FILE_READ_EA;
const int SEC_RIGHTS_FILE_WRITE = SEC_STD_READ_CONTROL |
SEC_STD_SYNCHRONIZE |
SEC_FILE_WRITE_DATA |
SEC_FILE_WRITE_ATTRIBUTE |
SEC_FILE_WRITE_EA |
SEC_FILE_APPEND_DATA;
const int SEC_RIGHTS_MAXIMUM_ALLOWED = SEC_FLAG_MAXIMUM_ALLOWED;
/* a NULL sid */
const string SID_NULL = "S-1-0-0";
@ -83,6 +167,8 @@ interface security
dom_sid trustee;
} security_ace;
const int NT4_ACL_REVISION = 0x2;
typedef [public] struct {
uint16 revision;
[value(ndr_size_security_acl(r))] uint16 size;
@ -111,6 +197,14 @@ interface security
const int SEC_DESC_RM_CONTROL_VALID = 0x4000;
const int SEC_DESC_SELF_RELATIVE = 0x8000;
/* bits that determine which parts of a security descriptor
are being queried/set */
const int SECINFO_OWNER = 0x00000001;
const int SECINFO_GROUP = 0x00000002;
const int SECINFO_DACL = 0x00000004;
const int SECINFO_SACL = 0x00000008;
typedef [public,flag(NDR_LITTLE_ENDIAN)] struct {
uint8 revision;
uint16 type; /* SEC_DESC_xxxx flags */

11
source4/librpc/rpc/dcerpc_smb.c
View File

@ -23,6 +23,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "librpc/gen_ndr/ndr_security.h"
/* transport private information used by SMB pipe transport */
struct smb_private {
@ -379,11 +380,11 @@ NTSTATUS dcerpc_pipe_open_smb(struct dcerpc_pipe **p,
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.access_mask =
STD_RIGHT_READ_CONTROL_ACCESS |
SA_RIGHT_FILE_WRITE_ATTRIBUTES |
SA_RIGHT_FILE_WRITE_EA |
GENERIC_RIGHTS_FILE_READ |
GENERIC_RIGHTS_FILE_WRITE;
SEC_STD_READ_CONTROL |
SEC_FILE_WRITE_ATTRIBUTE |
SEC_FILE_WRITE_EA |
SEC_FILE_READ_DATA |
SEC_FILE_WRITE_DATA;
io.ntcreatex.in.file_attr = 0;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.share_access =

29
source4/ntvfs/common/opendb.c
View File

@ -40,6 +40,7 @@
#include "includes.h"
#include "messages.h"
#include "librpc/gen_ndr/ndr_security.h"
struct odb_context {
struct tdb_wrap *w;
@ -157,14 +158,18 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2)
/* if either open involves no read.write or delete access then
it can't conflict */
if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_APPEND |
SA_RIGHT_FILE_READ_EXEC |
STD_RIGHT_DELETE_ACCESS))) {
if (!(e1->access_mask & (SEC_FILE_WRITE_DATA |
SEC_FILE_APPEND_DATA |
SEC_FILE_READ_DATA |
SEC_FILE_EXECUTE |
SEC_STD_DELETE))) {
return False;
}
if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_APPEND |
SA_RIGHT_FILE_READ_EXEC |
STD_RIGHT_DELETE_ACCESS))) {
if (!(e2->access_mask & (SEC_FILE_WRITE_DATA |
SEC_FILE_APPEND_DATA |
SEC_FILE_READ_DATA |
SEC_FILE_EXECUTE |
SEC_STD_DELETE))) {
return False;
}
@ -176,24 +181,24 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2)
}
CHECK_MASK(e1->access_mask, e2->share_access,
SA_RIGHT_FILE_WRITE_APPEND,
SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(e2->access_mask, e1->share_access,
SA_RIGHT_FILE_WRITE_APPEND,
SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(e1->access_mask, e2->share_access,
SA_RIGHT_FILE_READ_EXEC,
SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(e2->access_mask, e1->share_access,
SA_RIGHT_FILE_READ_EXEC,
SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(e1->access_mask, e2->share_access,
STD_RIGHT_DELETE_ACCESS,
SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
CHECK_MASK(e2->access_mask, e1->share_access,
STD_RIGHT_DELETE_ACCESS,
SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
/* if a delete is pending then a second open is not allowed */

31
source4/ntvfs/ntvfs_generic.c
View File

@ -33,6 +33,7 @@
#include "includes.h"
#include "smb_server/smb_server.h"
#include "librpc/gen_ndr/ndr_security.h"
/* a second stage function converts from the out parameters of the generic
call onto the out parameters of the specific call made */
@ -178,7 +179,7 @@ static NTSTATUS ntvfs_map_open_finish(struct smbsrv_request *req,
io->openx.out.devstate = 0;
io->openx.out.action = io2->generic.out.create_action;
io->openx.out.unique_fid = 0;
io->openx.out.access_mask = STANDARD_RIGHTS_ALL_ACCESS;
io->openx.out.access_mask = SEC_STD_ALL;
io->openx.out.unknown = 0;
/* we need to extend the file to the requested size if
@ -280,17 +281,19 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
switch (io->openx.in.open_mode & OPENX_MODE_ACCESS_MASK) {
case OPENX_MODE_ACCESS_READ:
io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_READ;
io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ;
io->openx.out.access = OPENX_MODE_ACCESS_READ;
break;
case OPENX_MODE_ACCESS_WRITE:
io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_WRITE;
io2->generic.in.access_mask = SEC_RIGHTS_FILE_WRITE;
io->openx.out.access = OPENX_MODE_ACCESS_WRITE;
break;
case OPENX_MODE_ACCESS_RDWR:
case OPENX_MODE_ACCESS_FCB:
case OPENX_MODE_ACCESS_EXEC:
io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_WRITE | GENERIC_RIGHTS_FILE_READ;
io2->generic.in.access_mask =
SEC_RIGHTS_FILE_READ |
SEC_RIGHTS_FILE_WRITE;
io->openx.out.access = OPENX_MODE_ACCESS_RDWR;
break;
default:
@ -381,17 +384,17 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
io2->generic.in.open_disposition = NTCREATEX_DISP_OPEN;
switch (io->openold.in.flags & OPEN_FLAGS_MODE_MASK) {
case OPEN_FLAGS_OPEN_READ:
io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_READ;
io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ;
io->openold.out.rmode = DOS_OPEN_RDONLY;
break;
case OPEN_FLAGS_OPEN_WRITE:
io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_WRITE;
io2->generic.in.access_mask = SEC_RIGHTS_FILE_WRITE;
io->openold.out.rmode = DOS_OPEN_WRONLY;
break;
case OPEN_FLAGS_OPEN_RDWR:
case 0xf: /* FCB mode */
io2->generic.in.access_mask = GENERIC_RIGHTS_FILE_READ |
GENERIC_RIGHTS_FILE_WRITE;
io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ |
SEC_RIGHTS_FILE_WRITE;
io->openold.out.rmode = DOS_OPEN_RDWR; /* assume we got r/w */
break;
default:
@ -463,8 +466,8 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
io2->generic.in.fname = io->mknew.in.fname;
io2->generic.in.open_disposition = NTCREATEX_DISP_CREATE;
io2->generic.in.access_mask =
GENERIC_RIGHTS_FILE_READ |
GENERIC_RIGHTS_FILE_WRITE;
SEC_RIGHTS_FILE_READ |
SEC_RIGHTS_FILE_WRITE;
io2->generic.in.share_access =
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
@ -476,8 +479,8 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
io2->generic.in.fname = io->mknew.in.fname;
io2->generic.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
io2->generic.in.access_mask =
GENERIC_RIGHTS_FILE_READ |
GENERIC_RIGHTS_FILE_WRITE;
SEC_RIGHTS_FILE_READ |
SEC_RIGHTS_FILE_WRITE;
io2->generic.in.share_access =
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
@ -493,8 +496,8 @@ NTSTATUS ntvfs_map_open(struct smbsrv_request *req, union smb_open *io,
generate_random_str_list(io2, 5, "0123456789"));
io2->generic.in.open_disposition = NTCREATEX_DISP_CREATE;
io2->generic.in.access_mask =
GENERIC_RIGHTS_FILE_READ |
GENERIC_RIGHTS_FILE_WRITE;
SEC_RIGHTS_FILE_READ |
SEC_RIGHTS_FILE_WRITE;
io2->generic.in.share_access =
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;

80
source4/ntvfs/posix/pvfs_acl.c
View File

@ -71,7 +71,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
- Group
- Everyone
*/
access_masks[0] = SEC_RIGHTS_FULL_CTRL | STD_RIGHT_ALL_ACCESS;
access_masks[0] = SEC_RIGHTS_FULL_CONTROL;
access_masks[1] = 0;
access_masks[2] = 0;
access_masks[3] = 0;
@ -80,54 +80,54 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
if (mode & S_IRUSR) {
access_masks[1] |=
SA_RIGHT_FILE_READ_DATA |
SA_RIGHT_FILE_READ_EA |
SA_RIGHT_FILE_READ_ATTRIBUTES |
SA_RIGHT_FILE_EXECUTE |
STD_RIGHT_SYNCHRONIZE_ACCESS |
STD_RIGHT_READ_CONTROL_ACCESS;
SEC_FILE_READ_DATA |
SEC_FILE_READ_EA |
SEC_FILE_READ_ATTRIBUTE |
SEC_FILE_EXECUTE |
SEC_STD_SYNCHRONIZE |
SEC_STD_READ_CONTROL;
}
if (mode & S_IWUSR) {
access_masks[1] |=
SA_RIGHT_FILE_WRITE_DATA |
SA_RIGHT_FILE_APPEND_DATA |
SA_RIGHT_FILE_WRITE_EA |
SA_RIGHT_FILE_WRITE_ATTRIBUTES |
STD_RIGHT_DELETE_ACCESS;
SEC_FILE_WRITE_DATA |
SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA |
SEC_FILE_WRITE_ATTRIBUTE |
SEC_STD_DELETE;
}
if (mode & S_IRGRP) {
access_masks[2] |=
SA_RIGHT_FILE_READ_DATA |
SA_RIGHT_FILE_READ_EA |
SA_RIGHT_FILE_READ_ATTRIBUTES |
SA_RIGHT_FILE_EXECUTE |
STD_RIGHT_SYNCHRONIZE_ACCESS |
STD_RIGHT_READ_CONTROL_ACCESS;
SEC_FILE_READ_DATA |
SEC_FILE_READ_EA |
SEC_FILE_READ_ATTRIBUTE |
SEC_FILE_EXECUTE |
SEC_STD_SYNCHRONIZE |
SEC_STD_READ_CONTROL;
}
if (mode & S_IWGRP) {
access_masks[2] |=
SA_RIGHT_FILE_WRITE_DATA |
SA_RIGHT_FILE_APPEND_DATA |
SA_RIGHT_FILE_WRITE_EA |
SA_RIGHT_FILE_WRITE_ATTRIBUTES;
SEC_FILE_WRITE_DATA |
SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA |
SEC_FILE_WRITE_ATTRIBUTE;
}
if (mode & S_IROTH) {
access_masks[3] |=
SA_RIGHT_FILE_READ_DATA |
SA_RIGHT_FILE_READ_EA |
SA_RIGHT_FILE_READ_ATTRIBUTES |
SA_RIGHT_FILE_EXECUTE |
STD_RIGHT_SYNCHRONIZE_ACCESS |
STD_RIGHT_READ_CONTROL_ACCESS;
SEC_FILE_READ_DATA |
SEC_FILE_READ_EA |
SEC_FILE_READ_ATTRIBUTE |
SEC_FILE_EXECUTE |
SEC_STD_SYNCHRONIZE |
SEC_STD_READ_CONTROL;
}
if (mode & S_IWOTH) {
access_masks[3] |=
SA_RIGHT_FILE_WRITE_DATA |
SA_RIGHT_FILE_APPEND_DATA |
SA_RIGHT_FILE_WRITE_EA |
SA_RIGHT_FILE_WRITE_ATTRIBUTES;
SEC_FILE_WRITE_DATA |
SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA |
SEC_FILE_WRITE_ATTRIBUTE;
}
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
@ -163,16 +163,16 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
*/
static void normalise_sd_flags(struct security_descriptor *sd, uint32_t secinfo_flags)
{
if (!(secinfo_flags & OWNER_SECURITY_INFORMATION)) {
if (!(secinfo_flags & SECINFO_OWNER)) {
sd->owner_sid = NULL;
}
if (!(secinfo_flags & GROUP_SECURITY_INFORMATION)) {
if (!(secinfo_flags & SECINFO_GROUP)) {
sd->group_sid = NULL;
}
if (!(secinfo_flags & DACL_SECURITY_INFORMATION)) {
if (!(secinfo_flags & SECINFO_DACL)) {
sd->dacl = NULL;
}
if (!(secinfo_flags & SACL_SECURITY_INFORMATION)) {
if (!(secinfo_flags & SECINFO_SACL)) {
sd->sacl = NULL;
}
}
@ -214,16 +214,16 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs,
new_sd = info->set_secdesc.in.sd;
/* only set the elements that have been specified */
if (secinfo_flags & OWNER_SECURITY_INFORMATION) {
if (secinfo_flags & SECINFO_OWNER) {
sd->owner_sid = new_sd->owner_sid;
}
if (secinfo_flags & GROUP_SECURITY_INFORMATION) {
if (secinfo_flags & SECINFO_GROUP) {
sd->group_sid = new_sd->group_sid;
}
if (secinfo_flags & DACL_SECURITY_INFORMATION) {
if (secinfo_flags & SECINFO_DACL) {
sd->dacl = new_sd->dacl;
}
if (secinfo_flags & SACL_SECURITY_INFORMATION) {
if (secinfo_flags & SECINFO_SACL) {
sd->sacl = new_sd->sacl;
}

24
source4/ntvfs/posix/pvfs_open.c
View File

@ -380,11 +380,11 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
return NT_STATUS_CANNOT_DELETE;
}
if (access_mask & SEC_RIGHT_MAXIMUM_ALLOWED) {
access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
}
if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
flags = O_RDWR;
} else {
flags = O_RDONLY;
@ -460,7 +460,7 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
union smb_setfileinfo set;
set.set_secdesc.file.fnum = fnum;
set.set_secdesc.in.secinfo_flags = DACL_SECURITY_INFORMATION;
set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
set.set_secdesc.in.sd = io->ntcreatex.in.sec_desc;
status = pvfs_acl_set(pvfs, req, name, fd, &set);
@ -676,7 +676,7 @@ static NTSTATUS pvfs_open_deny_dos(struct ntvfs_module_context *ntvfs,
(f2->handle->create_options &
(NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
(f2->access_mask & SA_RIGHT_FILE_WRITE_DATA) &&
(f2->access_mask & SEC_FILE_WRITE_DATA) &&
StrCaseCmp(f2->handle->name->original_name,
io->generic.in.fname)==0) {
break;
@ -862,17 +862,17 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
share_access = io->generic.in.share_access;
access_mask = io->generic.in.access_mask;
if (access_mask & SEC_RIGHT_MAXIMUM_ALLOWED) {
if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
if (name->exists && (name->dos.attrib & FILE_ATTRIBUTE_READONLY)) {
access_mask = GENERIC_RIGHTS_FILE_READ;
access_mask = SEC_RIGHTS_FILE_READ;
} else {
access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
}
}
/* certain create options are not allowed */
if ((create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) &&
!(access_mask & STD_RIGHT_DELETE_ACCESS)) {
!(access_mask & SEC_STD_DELETE)) {
return NT_STATUS_INVALID_PARAMETER;
}
@ -914,7 +914,7 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
return NT_STATUS_INVALID_PARAMETER;
}
if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
flags |= O_RDWR;
} else {
flags |= O_RDONLY;
@ -1240,7 +1240,7 @@ NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
NTCREATEX_SHARE_ACCESS_WRITE |
NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_OPTIONS_DELETE_ON_CLOSE,
STD_RIGHT_DELETE_ACCESS);
SEC_STD_DELETE);
return status;
}
@ -1263,7 +1263,7 @@ NTSTATUS pvfs_can_rename(struct pvfs_state *pvfs, struct pvfs_filename *name)
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE,
0,
STD_RIGHT_DELETE_ACCESS);
SEC_STD_DELETE);
return status;
}

5
source4/ntvfs/posix/pvfs_read.c
View File

@ -23,6 +23,7 @@
#include "includes.h"
#include "vfs_posix.h"
#include "system/filesys.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
read from a file
@ -50,9 +51,9 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
mask = SA_RIGHT_FILE_READ_DATA;
mask = SEC_FILE_READ_DATA;
if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) {
mask |= SA_RIGHT_FILE_EXECUTE;
mask |= SEC_FILE_EXECUTE;
}
if (!(f->access_mask & mask)) {
return NT_STATUS_ACCESS_DENIED;

5
source4/ntvfs/posix/pvfs_setfileinfo.c
View File

@ -258,7 +258,7 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs,
case RAW_SFILEINFO_DISPOSITION_INFO:
case RAW_SFILEINFO_DISPOSITION_INFORMATION:
if (!(f->access_mask & STD_RIGHT_DELETE_ACCESS)) {
if (!(f->access_mask & SEC_STD_DELETE)) {
return NT_STATUS_ACCESS_DENIED;
}
create_options = h->create_options;
@ -322,7 +322,8 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs,
}
} else {
int ret;
if (f->access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
if (f->access_mask &
(SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA)) {
ret = ftruncate(h->fd, newstats.st.st_size);
} else {
ret = truncate(h->name->full_name, newstats.st.st_size);

3
source4/ntvfs/posix/pvfs_write.c
View File

@ -22,6 +22,7 @@
#include "includes.h"
#include "vfs_posix.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
@ -48,7 +49,7 @@ NTSTATUS pvfs_write(struct ntvfs_module_context *ntvfs,
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
if (!(f->access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
if (!(f->access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA))) {
return NT_STATUS_ACCESS_VIOLATION;
}

19
source4/smb_server/service.c
View File

@ -161,25 +161,6 @@ static NTSTATUS make_connection_snum(struct smbsrv_request *req,
tcon->service = snum;
/*
* New code to check if there's a share security descripter
* added from NT server manager. This is done after the
* smb.conf checks are done as we need a uid and token. JRA.
*
*/
if (!share_access_check(req, tcon, snum, SA_RIGHT_FILE_WRITE_DATA)) {
if (!share_access_check(req, tcon, snum, SA_RIGHT_FILE_READ_DATA)) {
/* No access, read or write. */
DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n",
lp_servicename(snum)));
conn_free(req->smb_conn, tcon);
return NT_STATUS_ACCESS_DENIED;
} else {
tcon->read_only = True;
}
}
/* init ntvfs function pointers */
status = ntvfs_init_connection(req, type);
if (!NT_STATUS_IS_OK(status)) {

3
source4/smbd/rewrite.c
View File

@ -10,9 +10,6 @@
BOOL pcap_printername_ok(const char *service, const char *foo)
{ return True; }
BOOL share_access_check(struct smbsrv_request *req, struct smbsrv_tcon *tcon, int snum, uint32_t desired_access)
{ return True; }
/*
* initialize an smb process. Guaranteed to be called only once per
* smbd instance (so it can assume it is starting from scratch, and

14
source4/torture/basic/attr.c
View File

@ -21,6 +21,7 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
extern int torture_failures;
@ -103,7 +104,9 @@ BOOL torture_openattrtest(void)
for (k = 0, i = 0; i < sizeof(open_attrs_table)/sizeof(uint32_t); i++) {
smbcli_setatr(cli1->tree, fname, 0, 0);
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_WRITE_DATA, open_attrs_table[i],
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
SEC_FILE_WRITE_DATA,
open_attrs_table[i],
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@ -118,10 +121,11 @@ BOOL torture_openattrtest(void)
for (j = 0; j < ARRAY_SIZE(open_attrs_table); j++) {
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA,
open_attrs_table[j],
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE, 0, 0);
SEC_FILE_READ_DATA|
SEC_FILE_WRITE_DATA,
open_attrs_table[j],
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE, 0, 0);
if (fnum1 == -1) {
for (l = 0; l < ARRAY_SIZE(attr_results); l++) {

3
source4/torture/basic/charset.c
View File

@ -21,6 +21,7 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\chartest\\"
@ -67,7 +68,7 @@ static NTSTATUS unicode_open(struct smbcli_tree *tree,
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;

93
source4/torture/basic/delete.c
View File

@ -21,6 +21,7 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
@ -47,9 +48,11 @@ BOOL torture_test_delete(void)
smbcli_setatr(cli1->tree, fname, 0, 0);
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
@ -80,9 +83,10 @@ BOOL torture_test_delete(void)
smbcli_setatr(cli1->tree, fname, 0, 0);
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
@ -124,7 +128,7 @@ BOOL torture_test_delete(void)
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
GENERIC_RIGHTS_FILE_ALL_ACCESS,
SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
@ -140,7 +144,7 @@ BOOL torture_test_delete(void)
with SHARE_DELETE. */
fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
GENERIC_RIGHTS_FILE_READ,
SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OPEN, 0, 0);
@ -154,8 +158,11 @@ BOOL torture_test_delete(void)
/* This should succeed. */
fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_READ, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN, 0, 0);
fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_DISP_OPEN, 0, 0);
if (fnum2 == -1) {
printf("(%s) open - 2 of %s failed (%s)\n",
@ -211,12 +218,12 @@ BOOL torture_test_delete(void)
}
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
SA_RIGHT_FILE_READ_DATA |
SA_RIGHT_FILE_WRITE_DATA |
STD_RIGHT_DELETE_ACCESS,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
SEC_FILE_READ_DATA |
SEC_FILE_WRITE_DATA |
SEC_STD_DELETE,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
@ -226,7 +233,8 @@ BOOL torture_test_delete(void)
}
/* This should succeed. */
fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_READ,
fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE |
@ -255,7 +263,7 @@ BOOL torture_test_delete(void)
/* This should fail - no more opens once delete on close set. */
fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
GENERIC_RIGHTS_FILE_READ,
SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_DISP_OPEN, 0, 0);
@ -309,7 +317,7 @@ BOOL torture_test_delete(void)
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_WRITE_DATA,
SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE |
@ -346,10 +354,11 @@ BOOL torture_test_delete(void)
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
SA_RIGHT_FILE_READ_DATA |
SA_RIGHT_FILE_WRITE_DATA |
STD_RIGHT_DELETE_ACCESS,
FILE_ATTRIBUTE_NORMAL, 0, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
SEC_FILE_READ_DATA |
SEC_FILE_WRITE_DATA |
SEC_STD_DELETE,
FILE_ATTRIBUTE_NORMAL, 0,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
@ -409,9 +418,13 @@ BOOL torture_test_delete(void)
goto fail;
}
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA|STD_RIGHT_DELETE_ACCESS,
FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
SEC_FILE_READ_DATA|
SEC_FILE_WRITE_DATA|
SEC_STD_DELETE,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
printf("(%s) open of %s failed (%s)\n",
@ -420,9 +433,13 @@ BOOL torture_test_delete(void)
goto fail;
}
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA|STD_RIGHT_DELETE_ACCESS,
FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_DISP_OPEN, 0, 0);
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0,
SEC_FILE_READ_DATA|
SEC_FILE_WRITE_DATA|
SEC_STD_DELETE,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
NTCREATEX_DISP_OPEN, 0, 0);
if (fnum2 == -1) {
printf("(%s) open of %s failed (%s)\n",
@ -464,7 +481,7 @@ BOOL torture_test_delete(void)
/* This should fail - we need to set DELETE_ACCESS. */
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA,
SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF,
@ -480,7 +497,9 @@ BOOL torture_test_delete(void)
printf("ninth delete on close test succeeded.\n");
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA|STD_RIGHT_DELETE_ACCESS,
SEC_FILE_READ_DATA|
SEC_FILE_WRITE_DATA|
SEC_STD_DELETE,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF,
@ -514,9 +533,9 @@ BOOL torture_test_delete(void)
smbcli_setatr(cli1->tree, fname, 0, 0);
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
GENERIC_RIGHTS_FILE_ALL_ACCESS,
SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_READONLY,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
@ -551,9 +570,11 @@ BOOL torture_test_delete(void)
/* test 12 - does having read only attribute still allow delete on close at time of open. */
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS, FILE_ATTRIBUTE_READONLY,
NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_READONLY,
NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
if (fnum1 != -1) {
printf("(%s) open of %s succeeded. Should fail with NT_STATUS_CANNOT_DELETE.\n",

51
source4/torture/basic/denytest.c
View File

@ -20,6 +20,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "librpc/gen_ndr/ndr_security.h"
extern BOOL torture_showall;
extern int torture_failures;
@ -1699,49 +1700,53 @@ static NTSTATUS predict_share_conflict(uint32_t sa1, uint32_t am1, uint32_t sa2,
}} while (0)
*res = A_0;
if (am2 & SA_RIGHT_FILE_WRITE_APPEND) {
if (am2 & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
*res += A_W;
}
if (am2 & SA_RIGHT_FILE_READ_DATA) {
if (am2 & SEC_FILE_READ_DATA) {
*res += A_R;
} else if ((am2 & SA_RIGHT_FILE_EXECUTE) &&
} else if ((am2 & SEC_FILE_EXECUTE) &&
(flags2 & FLAGS2_READ_PERMIT_EXECUTE)) {
*res += A_R;
}
/* if either open involves no read.write or delete access then
it can't conflict */
if (!(am1 & (SA_RIGHT_FILE_WRITE_APPEND |
SA_RIGHT_FILE_READ_EXEC |
STD_RIGHT_DELETE_ACCESS))) {
if (!(am1 & (SEC_FILE_WRITE_DATA |
SEC_FILE_APPEND_DATA |
SEC_FILE_READ_DATA |
SEC_FILE_EXECUTE |
SEC_STD_DELETE))) {
return NT_STATUS_OK;
}
if (!(am2 & (SA_RIGHT_FILE_WRITE_APPEND |
SA_RIGHT_FILE_READ_EXEC |
STD_RIGHT_DELETE_ACCESS))) {
if (!(am2 & (SEC_FILE_WRITE_DATA |
SEC_FILE_APPEND_DATA |
SEC_FILE_READ_DATA |
SEC_FILE_EXECUTE |
SEC_STD_DELETE))) {
return NT_STATUS_OK;
}
/* check the basic share access */
CHECK_MASK(am1, sa2,
SA_RIGHT_FILE_WRITE_APPEND,
SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(am2, sa1,
SA_RIGHT_FILE_WRITE_APPEND,
SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(am1, sa2,
SA_RIGHT_FILE_READ_EXEC,
SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(am2, sa1,
SA_RIGHT_FILE_READ_EXEC,
SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
NTCREATEX_SHARE_ACCESS_READ);
CHECK_MASK(am1, sa2,
STD_RIGHT_DELETE_ACCESS,
SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
CHECK_MASK(am2, sa1,
STD_RIGHT_DELETE_ACCESS,
SEC_STD_DELETE,
NTCREATEX_SHARE_ACCESS_DELETE);
return NT_STATUS_OK;
@ -1758,14 +1763,14 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
{ NTCREATEX_SHARE_ACCESS_DELETE, "S_D" }
};
const struct bit_value access_mask_bits[] = {
{ SA_RIGHT_FILE_READ_DATA, "R_DATA" },
{ SA_RIGHT_FILE_WRITE_DATA, "W_DATA" },
{ SA_RIGHT_FILE_READ_ATTRIBUTES, "R_ATTR" },
{ SA_RIGHT_FILE_WRITE_ATTRIBUTES, "W_ATTR" },
{ SA_RIGHT_FILE_READ_EA, "R_EAS " },
{ SA_RIGHT_FILE_WRITE_EA, "W_EAS " },
{ SA_RIGHT_FILE_APPEND_DATA, "A_DATA" },
{ SA_RIGHT_FILE_EXECUTE, "EXEC " }
{ SEC_FILE_READ_DATA, "R_DATA" },
{ SEC_FILE_WRITE_DATA, "W_DATA" },
{ SEC_FILE_READ_ATTRIBUTE, "R_ATTR" },
{ SEC_FILE_WRITE_ATTRIBUTE, "W_ATTR" },
{ SEC_FILE_READ_EA, "R_EAS " },
{ SEC_FILE_WRITE_EA, "W_EAS " },
{ SEC_FILE_APPEND_DATA, "A_DATA" },
{ SEC_FILE_EXECUTE, "EXEC " }
};
int fnum1;
int i;

8
source4/torture/basic/dir.c
View File

@ -21,6 +21,7 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
static void list_fn(struct file_info *finfo, const char *name, void *state)
{
@ -109,8 +110,11 @@ BOOL torture_dirtest2(void)
for (i=0;i<torture_entries;i++) {
char *fname;
asprintf(&fname, "\\LISTDIR\\f%d", i);
fnum = smbcli_nt_create_full(cli->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS, FILE_ATTRIBUTE_ARCHIVE,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
fnum = smbcli_nt_create_full(cli->tree, fname, 0,
SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_ARCHIVE,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum == -1) {
fprintf(stderr,"(%s) Failed to open %s, error=%s\n",
__location__, fname, smbcli_errstr(cli->tree));

3
source4/torture/basic/disconnect.c
View File

@ -22,6 +22,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\test_disconnect"
@ -47,7 +48,7 @@ static BOOL test_disconnect_open(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.access_mask = SA_RIGHT_FILE_READ_DATA;
io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ;

7
source4/torture/basic/rename.c
View File

@ -21,6 +21,7 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
Test rename on files open with share delete and no share delete.
@ -42,7 +43,7 @@ BOOL torture_test_rename(void)
smbcli_unlink(cli1->tree, fname);
smbcli_unlink(cli1->tree, fname1);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
GENERIC_RIGHTS_FILE_READ,
SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
@ -69,7 +70,7 @@ BOOL torture_test_rename(void)
smbcli_unlink(cli1->tree, fname);
smbcli_unlink(cli1->tree, fname1);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
GENERIC_RIGHTS_FILE_READ,
SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|NTCREATEX_SHARE_ACCESS_READ,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
@ -97,7 +98,7 @@ BOOL torture_test_rename(void)
smbcli_unlink(cli1->tree, fname1);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
STD_RIGHT_READ_CONTROL_ACCESS,
SEC_STD_READ_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF, 0, 0);

11
source4/torture/basic/scanner.c
View File

@ -20,6 +20,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "librpc/gen_ndr/ndr_security.h"
#define VERBOSE 0
#define OP_MIN 0
@ -255,10 +256,12 @@ BOOL torture_trans2_scan(void)
printf("file open failed - %s\n", smbcli_errstr(cli->tree));
}
dnum = smbcli_nt_create_full(cli->tree, "\\",
0, GENERIC_RIGHTS_FILE_READ, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OPEN,
NTCREATEX_OPTIONS_DIRECTORY, 0);
0,
SEC_RIGHTS_FILE_READ,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OPEN,
NTCREATEX_OPTIONS_DIRECTORY, 0);
if (dnum == -1) {
printf("directory open failed - %s\n", smbcli_errstr(cli->tree));
}

3
source4/torture/basic/unlink.c
View File

@ -22,6 +22,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
This test checks that
@ -81,7 +82,7 @@ BOOL torture_unlinktest(void)
io.ntcreatex.in.security_flags = 0;
io.ntcreatex.in.fname = fname;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE;
io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
status = smb_raw_open(cli->tree, cli, &io);
if (!NT_STATUS_IS_OK(status)) {

11
source4/torture/basic/utable.c
View File

@ -20,6 +20,7 @@
#include "includes.h"
#include "system/iconv.h"
#include "librpc/gen_ndr/ndr_security.h"
BOOL torture_utable(void)
{
@ -148,13 +149,13 @@ BOOL torture_casetable(void)
fname = form_name(c);
fnum = smbcli_nt_create_full(cli->tree, fname, 0,
#if 0
SEC_RIGHT_MAXIMUM_ALLOWED,
SEC_RIGHT_MAXIMUM_ALLOWED,
#else
GENERIC_RIGHTS_FILE_ALL_ACCESS,
SEC_RIGHTS_FULL_CONTROL,
#endif
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OPEN_IF, 0, 0);
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum == -1) {
printf("Failed to create file with char %04x\n", c);

5
source4/torture/gentest.c
View File

@ -23,6 +23,7 @@
#include "system/time.h"
#include "request.h"
#include "libcli/raw/libcliraw.h"
#include "librpc/gen_ndr/ndr_security.h"
#define NSERVERS 2
#define NINSTANCES 2
@ -526,8 +527,8 @@ static uint32_t gen_ntcreatex_flags(void)
*/
static uint32_t gen_access_mask(void)
{
if (gen_chance(50)) return SEC_RIGHT_MAXIMUM_ALLOWED;
if (gen_chance(20)) return GENERIC_RIGHTS_FILE_ALL_ACCESS;
if (gen_chance(50)) return SEC_RIGHTS_MAXIMUM_ALLOWED;
if (gen_chance(20)) return SEC_FILE_ALL;
return gen_bits_mask(0xFFFFFFFF);
}

11
source4/torture/nbench/nbio.c
View File

@ -23,6 +23,7 @@
#include "includes.h"
#include "system/time.h"
#include "dlinklist.h"
#include "librpc/gen_ndr/ndr_security.h"
#define MAX_FILES 100
@ -247,13 +248,13 @@ void nb_createx(const char *fname,
mem_ctx = talloc_init("raw_open");
if (create_options & NTCREATEX_OPTIONS_DIRECTORY) {
desired_access = SA_RIGHT_FILE_READ_DATA;
desired_access = SEC_FILE_READ_DATA;
} else {
desired_access =
SA_RIGHT_FILE_READ_DATA |
SA_RIGHT_FILE_WRITE_DATA |
SA_RIGHT_FILE_READ_ATTRIBUTES |
SA_RIGHT_FILE_WRITE_ATTRIBUTES;
SEC_FILE_READ_DATA |
SEC_FILE_WRITE_DATA |
SEC_FILE_READ_ATTRIBUTE |
SEC_FILE_WRITE_ATTRIBUTE;
flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;

20
source4/torture/raw/acls.c
View File

@ -53,7 +53,7 @@ static BOOL test_sd(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access =
@ -71,9 +71,9 @@ static BOOL test_sd(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
q.query_secdesc.in.fnum = fnum;
q.query_secdesc.in.secinfo_flags =
OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION;
SECINFO_OWNER |
SECINFO_GROUP |
SECINFO_DACL;
status = smb_raw_fileinfo(cli->tree, mem_ctx, &q);
CHECK_STATUS(status, NT_STATUS_OK);
sd = q.query_secdesc.out.sd;
@ -84,7 +84,7 @@ static BOOL test_sd(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
ace.flags = 0;
ace.access_mask = STD_RIGHT_ALL_ACCESS;
ace.access_mask = SEC_STD_ALL;
ace.trustee = *test_sid;
status = security_descriptor_dacl_add(sd, &ace);
@ -154,7 +154,7 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTTRANS_CREATE;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access =
@ -179,9 +179,9 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
q.query_secdesc.in.fnum = fnum;
q.query_secdesc.in.secinfo_flags =
OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION;
SECINFO_OWNER |
SECINFO_GROUP |
SECINFO_DACL;
status = smb_raw_fileinfo(cli->tree, mem_ctx, &q);
CHECK_STATUS(status, NT_STATUS_OK);
sd = q.query_secdesc.out.sd;
@ -194,7 +194,7 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
ace.flags = 0;
ace.access_mask = STD_RIGHT_ALL_ACCESS;
ace.access_mask = SEC_STD_ALL;
ace.trustee = *test_sid;
status = security_descriptor_dacl_add(sd, &ace);

43
source4/torture/raw/chkpath.c
View File

@ -19,6 +19,7 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\rawchkpath"
@ -127,13 +128,13 @@ static BOOL test_chkpath(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
printf("testing Open on %s\n", "\\.\\\\\\\\\\\\.");
/* findfirst seems to fail with a different error. */
fnum1 = smbcli_nt_create_full(cli->tree, "\\.\\\\\\\\\\\\.",
0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|
NTCREATEX_SHARE_ACCESS_READ|
NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF,
0, 0);
0, SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|
NTCREATEX_SHARE_ACCESS_READ|
NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF,
0, 0);
status = smbcli_nt_error(cli->tree);
CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND);
@ -168,13 +169,13 @@ static BOOL test_chkpath(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
printf("testing Open on %s\n", BASEDIR".\\.\\.\\.\\foo\\..\\.\\");
/* findfirst seems to fail with a different error. */
fnum1 = smbcli_nt_create_full(cli->tree, BASEDIR".\\.\\.\\.\\foo\\..\\.\\",
0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|
NTCREATEX_SHARE_ACCESS_READ|
NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF,
0, 0);
0, SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|
NTCREATEX_SHARE_ACCESS_READ|
NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF,
0, 0);
status = smbcli_nt_error(cli->tree);
CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND);
@ -186,13 +187,13 @@ static BOOL test_chkpath(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
/* findfirst seems to fail with a different error. */
printf("testing Open on %s\n", BASEDIR "\\nt\\V S\\VB98\\vb6.exe\\3");
fnum1 = smbcli_nt_create_full(cli->tree, BASEDIR "\\nt\\V S\\VB98\\vb6.exe\\3",
0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|
NTCREATEX_SHARE_ACCESS_READ|
NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF,
0, 0);
0, SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|
NTCREATEX_SHARE_ACCESS_READ|
NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF,
0, 0);
status = smbcli_nt_error(cli->tree);
CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND);

7
source4/torture/raw/context.c
View File

@ -20,6 +20,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\rawcontext"
@ -139,7 +140,7 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
@ -241,7 +242,7 @@ static BOOL test_tree(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
@ -326,7 +327,7 @@ static BOOL test_pid(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;

5
source4/torture/raw/eas.c
View File

@ -22,6 +22,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\testeas"
@ -105,7 +106,7 @@ static BOOL test_eas(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access =
@ -206,7 +207,7 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTTRANS_CREATE;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access =

3
source4/torture/raw/mux.c
View File

@ -20,6 +20,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\test_mux"
@ -51,7 +52,7 @@ static BOOL test_mux_open(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.access_mask = SA_RIGHT_FILE_READ_DATA;
io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ;

3
source4/torture/raw/notify.c
View File

@ -19,6 +19,7 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\test_notify"
@ -77,7 +78,7 @@ BOOL torture_raw_notify(void)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.access_mask = SA_RIGHT_FILE_ALL_ACCESS;
io.ntcreatex.in.access_mask = SEC_FILE_ALL;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;

15
source4/torture/raw/open.c
View File

@ -21,6 +21,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "system/time.h"
#include "librpc/gen_ndr/ndr_security.h"
/* enum for whether reads/writes are possible on a file */
enum rdwr_mode {RDWR_NONE, RDWR_RDONLY, RDWR_WRONLY, RDWR_RDWR};
@ -430,7 +431,7 @@ static BOOL test_openx(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(io.openx.out.access_mask, STD_RIGHT_ALL_ACCESS);
CHECK_VAL(io.openx.out.access_mask, SEC_STD_ALL);
smbcli_close(cli->tree, io.openx.out.fnum);
done:
@ -620,7 +621,7 @@ static BOOL test_ntcreatex(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 1024*1024;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
@ -706,7 +707,7 @@ static BOOL test_ntcreatex(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
/* create a directory */
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
@ -718,7 +719,7 @@ static BOOL test_ntcreatex(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
smbcli_rmdir(cli->tree, fname);
smbcli_unlink(cli->tree, fname);
io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
@ -793,7 +794,7 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTTRANS_CREATE;
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 1024*1024;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
@ -881,7 +882,7 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
/* create a directory */
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
@ -893,7 +894,7 @@ static BOOL test_nttrans_create(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
smbcli_rmdir(cli->tree, fname);
smbcli_unlink(cli->tree, fname);
io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
io.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;

9
source4/torture/raw/oplock.c
View File

@ -19,6 +19,7 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
#define CHECK_VAL(v, correct) do { \
if ((v) != (correct)) { \
@ -107,7 +108,7 @@ static BOOL test_oplock(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
*/
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
@ -275,7 +276,7 @@ static BOOL test_oplock(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
io.ntcreatex.in.access_mask = SA_RIGHT_FILE_READ_ATTRIBUTES|SA_RIGHT_FILE_WRITE_ATTRIBUTES|STD_RIGHT_SYNCHRONIZE_ACCESS;
io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
fnum2 = io.ntcreatex.out.fnum;
@ -292,7 +293,7 @@ static BOOL test_oplock(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
io.ntcreatex.in.access_mask = SA_RIGHT_FILE_READ_ATTRIBUTES|SA_RIGHT_FILE_WRITE_ATTRIBUTES|STD_RIGHT_SYNCHRONIZE_ACCESS;
io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
@ -307,7 +308,7 @@ static BOOL test_oplock(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
NTCREATEX_FLAGS_REQUEST_OPLOCK |
NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);

16
source4/torture/raw/qfileinfo.c
View File

@ -20,6 +20,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "librpc/gen_ndr/ndr_security.h"
static struct {
const char *name;
@ -554,13 +555,14 @@ BOOL torture_raw_qfileinfo(void)
/* and make sure we can open by alternate name */
smbcli_close(cli->tree, fnum);
fnum = smbcli_nt_create_full(cli->tree, correct_name, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|
NTCREATEX_SHARE_ACCESS_READ|
NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF,
0, 0);
fnum = smbcli_nt_create_full(cli->tree, correct_name, 0,
SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|
NTCREATEX_SHARE_ACCESS_READ|
NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF,
0, 0);
if (fnum == -1) {
printf("Unable to open by alt_name - %s\n", smbcli_errstr(cli->tree));
ret = False;

5
source4/torture/raw/rename.c
View File

@ -19,6 +19,7 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
#define CHECK_STATUS(status, correct) do { \
if (!NT_STATUS_EQUAL(status, correct)) { \
@ -61,7 +62,7 @@ static BOOL test_mv(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
op.generic.level = RAW_OPEN_NTCREATEX;
op.ntcreatex.in.root_fid = 0;
op.ntcreatex.in.flags = 0;
op.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
op.ntcreatex.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
op.ntcreatex.in.create_options = 0;
op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
op.ntcreatex.in.share_access =
@ -88,7 +89,7 @@ static BOOL test_mv(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
smbcli_close(cli->tree, fnum);
op.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_READ;
op.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
op.ntcreatex.in.share_access =
NTCREATEX_SHARE_ACCESS_DELETE |
NTCREATEX_SHARE_ACCESS_READ |

5
source4/torture/raw/streams.c
View File

@ -22,6 +22,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\teststreams"
@ -108,7 +109,7 @@ static BOOL test_stream_io(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.access_mask = SA_RIGHT_FILE_WRITE_DATA;
io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = 0;
@ -187,7 +188,7 @@ static BOOL test_stream_io(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io.ntcreatex.in.fname = sname2;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE;
io.ntcreatex.in.access_mask = GENERIC_RIGHTS_FILE_ALL_ACCESS;
io.ntcreatex.in.access_mask = SEC_RIGHTS_FULL_CONTROL;
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);

2
source4/torture/rpc/samr.c
View File

@ -1469,7 +1469,7 @@ static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
init_samr_String(&name, TEST_ALIASNAME);
r.in.domain_handle = domain_handle;
r.in.aliasname = &name;
r.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.alias_handle = alias_handle;
r.out.rid = &rid;

1
source4/torture/rpc/svcctl.c
View File

@ -21,6 +21,7 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_svcctl.h"
#include "librpc/gen_ndr/ndr_security.h"
static BOOL test_EnumServicesStatus(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *h)
{

73
source4/torture/torture.c
View File

@ -26,6 +26,7 @@
#include "system/time.h"
#include "system/wait.h"
#include "ioctl.h"
#include "librpc/gen_ndr/ndr_security.h"
int torture_nprocs=4;
int torture_numops=100;
@ -895,9 +896,11 @@ static BOOL run_deferopen(struct smbcli_state *cli, int dummy)
do {
struct timeval tv;
tv = timeval_current();
fnum = smbcli_nt_create_full(cli->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OPEN_IF, 0, 0);
fnum = smbcli_nt_create_full(cli->tree, fname, 0,
SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum != -1) {
break;
}
@ -1311,22 +1314,22 @@ static BOOL run_trans2test(void)
/* FIRST_DESIRED_ACCESS 0xf019f */
#define FIRST_DESIRED_ACCESS SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_APPEND_DATA|\
SA_RIGHT_FILE_READ_EA| /* 0xf */ \
SA_RIGHT_FILE_WRITE_EA|SA_RIGHT_FILE_READ_ATTRIBUTES| /* 0x90 */ \
SA_RIGHT_FILE_WRITE_ATTRIBUTES| /* 0x100 */ \
STD_RIGHT_DELETE_ACCESS|STD_RIGHT_READ_CONTROL_ACCESS|\
STD_RIGHT_WRITE_DAC_ACCESS|STD_RIGHT_WRITE_OWNER_ACCESS /* 0xf0000 */
#define FIRST_DESIRED_ACCESS SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA|\
SEC_FILE_READ_EA| /* 0xf */ \
SEC_FILE_WRITE_EA|SEC_FILE_READ_ATTRIBUTE| /* 0x90 */ \
SEC_FILE_WRITE_ATTRIBUTE| /* 0x100 */ \
SEC_STD_DELETE|SEC_STD_READ_CONTROL|\
SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER /* 0xf0000 */
/* SECOND_DESIRED_ACCESS 0xe0080 */
#define SECOND_DESIRED_ACCESS SA_RIGHT_FILE_READ_ATTRIBUTES| /* 0x80 */ \
STD_RIGHT_READ_CONTROL_ACCESS|STD_RIGHT_WRITE_DAC_ACCESS|\
STD_RIGHT_WRITE_OWNER_ACCESS /* 0xe0000 */
#define SECOND_DESIRED_ACCESS SEC_FILE_READ_ATTRIBUTE| /* 0x80 */ \
SEC_STD_READ_CONTROL|SEC_STD_WRITE_DAC|\
SEC_STD_WRITE_OWNER /* 0xe0000 */
#if 0
#define THIRD_DESIRED_ACCESS FILE_READ_ATTRIBUTES| /* 0x80 */ \
READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|\
SA_RIGHT_FILE_READ_DATA|\
WRITE_OWNER_ACCESS /* */
#define THIRD_DESIRED_ACCESS FILE_READ_ATTRIBUTE| /* 0x80 */ \
READ_CONTROL|WRITE_DAC|\
SEC_FILE_READ_DATA|\
WRITE_OWNER /* */
#endif
/*
@ -1346,9 +1349,11 @@ static BOOL run_xcopy(void)
}
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
FIRST_DESIRED_ACCESS, FILE_ATTRIBUTE_ARCHIVE,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF,
0x4044, 0);
FIRST_DESIRED_ACCESS,
FILE_ATTRIBUTE_ARCHIVE,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OVERWRITE_IF,
0x4044, 0);
if (fnum1 == -1) {
printf("First open failed - %s\n", smbcli_errstr(cli1->tree));
@ -1388,7 +1393,7 @@ static BOOL run_pipe_number(void)
}
while(1) {
fnum = smbcli_nt_create_full(cli1->tree, pipe_name, 0, SA_RIGHT_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
fnum = smbcli_nt_create_full(cli1->tree, pipe_name, 0, SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum == -1) {
@ -1705,7 +1710,7 @@ error_test4:
printf("TEST #1 testing 2 non-io opens (no delete)\n");
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@ -1714,7 +1719,7 @@ error_test4:
return False;
}
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
printf("test 1 open 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
@ -1737,7 +1742,7 @@ error_test10:
printf("TEST #2 testing 2 non-io opens (first with delete)\n");
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@ -1746,7 +1751,7 @@ error_test10:
return False;
}
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
@ -1770,7 +1775,7 @@ error_test20:
printf("TEST #3 testing 2 non-io opens (second with delete)\n");
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@ -1779,7 +1784,7 @@ error_test20:
return False;
}
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
@ -1803,7 +1808,7 @@ error_test30:
printf("TEST #4 testing 2 non-io opens (both with delete)\n");
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@ -1812,7 +1817,7 @@ error_test30:
return False;
}
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 != -1) {
@ -1834,7 +1839,7 @@ error_test40:
printf("TEST #5 testing 2 non-io opens (both with delete - both with file share delete)\n");
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@ -1843,7 +1848,7 @@ error_test40:
return False;
}
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
@ -1868,7 +1873,7 @@ error_test50:
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@ -1877,7 +1882,7 @@ error_test50:
return False;
}
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 == -1) {
@ -1902,7 +1907,7 @@ error_test60:
smbcli_unlink(cli1->tree, fname);
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SA_RIGHT_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
if (fnum1 == -1) {
@ -1911,7 +1916,7 @@ error_test60:
return False;
}
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, STD_RIGHT_DELETE_ACCESS|SA_RIGHT_FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN_IF, 0, 0);
if (fnum2 != -1) {

18
source4/torture/torture_util.c
View File

@ -22,6 +22,7 @@
#include "libcli/raw/libcliraw.h"
#include "system/shmem.h"
#include "system/time.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
@ -52,7 +53,7 @@ int create_directory_handle(struct smbcli_tree *tree, const char *dname)
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.flags = 0;
io.ntcreatex.in.access_mask = SA_RIGHT_FILE_ALL_ACCESS;
io.ntcreatex.in.access_mask = SEC_FILE_ALL;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
@ -86,13 +87,14 @@ int create_complex_file(struct smbcli_state *cli, TALLOC_CTX *mem_ctx, const cha
NTSTATUS status;
smbcli_unlink(cli->tree, fname);
fnum = smbcli_nt_create_full(cli->tree, fname, 0, GENERIC_RIGHTS_FILE_ALL_ACCESS,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|
NTCREATEX_SHARE_ACCESS_READ|
NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF,
0, 0);
fnum = smbcli_nt_create_full(cli->tree, fname, 0,
SEC_RIGHTS_FULL_CONTROL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|
NTCREATEX_SHARE_ACCESS_READ|
NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF,
0, 0);
if (fnum == -1) return -1;
smbcli_write(cli->tree, fnum, 0, buf, 0, sizeof(buf));