summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-10-16 10:01:28 +1100
committerAndrew Tridgell <tridge@samba.org>2009-10-16 10:12:18 +1100
commit068e09847ad3e494a8b5176980b3c0d46ddf4618 (patch)
treeea3e590d7f9e6d8162efc90193c362112ffc72ee
parentc35f18513ac804b6734630a943d70811bb8fb2d0 (diff)
downloadsamba-068e09847ad3e494a8b5176980b3c0d46ddf4618.tar.gz
samba-068e09847ad3e494a8b5176980b3c0d46ddf4618.tar.bz2
samba-068e09847ad3e494a8b5176980b3c0d46ddf4618.zip
idl: added bit definition for privilege masks
When you have backup or restore privileges, you automatically get extra access bits in ACL interpretation. This adds definitions for the bits you get.
-rw-r--r--librpc/gen_ndr/security.h4
-rw-r--r--librpc/idl/security.idl15
2 files changed, 19 insertions, 0 deletions
diff --git a/librpc/gen_ndr/security.h b/librpc/gen_ndr/security.h
index 05df02ae8f..297ba18d7f 100644
--- a/librpc/gen_ndr/security.h
+++ b/librpc/gen_ndr/security.h
@@ -70,6 +70,10 @@
#define SEC_RIGHTS_DIR_WRITE ( SEC_RIGHTS_FILE_WRITE )
#define SEC_RIGHTS_DIR_EXECUTE ( SEC_RIGHTS_FILE_EXECUTE )
#define SEC_RIGHTS_DIR_ALL ( SEC_RIGHTS_FILE_ALL )
+#define SEC_RIGHTS_PRIV_BACKUP ( SEC_STD_READ_CONTROL|SEC_FLAG_SYSTEM_SECURITY|SEC_GENERIC_READ )
+#define SEC_RIGHTS_DIR_PRIV_BACKUP ( SEC_RIGHTS_PRIV_BACKUP|SEC_DIR_TRAVERSE )
+#define SEC_RIGHTS_PRIV_RESTORE ( SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER|SEC_FLAG_SYSTEM_SECURITY|SEC_STD_DELETE )
+#define SEC_RIGHTS_DIR_PRIV_RESTORE ( SEC_RIGHTS_PRIV_RESTORE|SEC_DIR_ADD_FILE|SEC_DIR_ADD_SUBDIR )
#define STANDARD_RIGHTS_ALL_ACCESS ( SEC_STD_ALL )
#define STANDARD_RIGHTS_MODIFY_ACCESS ( SEC_STD_READ_CONTROL )
#define STANDARD_RIGHTS_EXECUTE_ACCESS ( SEC_STD_READ_CONTROL )
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 96d24b6685..c24dc64bd7 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -144,6 +144,21 @@ interface security
const int SEC_RIGHTS_DIR_EXECUTE = SEC_RIGHTS_FILE_EXECUTE;
const int SEC_RIGHTS_DIR_ALL = SEC_RIGHTS_FILE_ALL;
+ /* rights granted by some specific privileges */
+ const int SEC_RIGHTS_PRIV_BACKUP = SEC_STD_READ_CONTROL |
+ SEC_FLAG_SYSTEM_SECURITY |
+ SEC_GENERIC_READ;
+ const int SEC_RIGHTS_DIR_PRIV_BACKUP = SEC_RIGHTS_PRIV_BACKUP
+ | SEC_DIR_TRAVERSE;
+
+ const int SEC_RIGHTS_PRIV_RESTORE = SEC_STD_WRITE_DAC |
+ SEC_STD_WRITE_OWNER |
+ SEC_FLAG_SYSTEM_SECURITY |
+ SEC_STD_DELETE;
+ const int SEC_RIGHTS_DIR_PRIV_RESTORE = SEC_RIGHTS_PRIV_RESTORE |
+ SEC_DIR_ADD_FILE |
+ SEC_DIR_ADD_SUBDIR;
+
/* combinations of standard masks. */
const int STANDARD_RIGHTS_ALL_ACCESS = SEC_STD_ALL; /* 0x001f0000 */
const int STANDARD_RIGHTS_MODIFY_ACCESS = SEC_STD_READ_CONTROL; /* 0x00020000 */