Merge branch 'master' of ssh://git.samba.org/data/git/samba

2 files changed, 149 insertions, 0 deletions

diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h
index 62f6bf8de6..e5d009e0d9 100644
--- a/source3/librpc/gen_ndr/samr.h
+++ b/source3/librpc/gen_ndr/samr.h
@@ -8,6 +8,31 @@
 #ifndef _HEADER_samr
 #define _HEADER_samr
 
+#define SAMR_ACCESS_ALL_ACCESS	( 0x0000003F )
+#define GENERIC_RIGHTS_SAM_ALL_ACCESS	( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_SAM_READ	( (STANDARD_RIGHTS_READ_ACCESS|SAMR_ACCESS_ENUM_DOMAINS) )
+#define GENERIC_RIGHTS_SAM_WRITE	( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_ACCESS_CREATE_DOMAIN|SAMR_ACCESS_INITIALIZE_SERVER|SAMR_ACCESS_SHUTDOWN_SERVER) )
+#define GENERIC_RIGHTS_SAM_EXECUTE	( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ACCESS_OPEN_DOMAIN|SAMR_ACCESS_CONNECT_TO_SERVER) )
+#define SAMR_USER_ACCESS_ALL_ACCESS	( 0x000007FF )
+#define GENERIC_RIGHTS_USER_ALL_ACCESS	( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_USER_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_USER_READ	( (STANDARD_RIGHTS_READ_ACCESS|SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP|SAMR_USER_ACCESS_GET_GROUPS|SAMR_USER_ACCESS_GET_ATTRIBUTES|SAMR_USER_ACCESS_GET_LOGONINFO|SAMR_USER_ACCESS_GET_LOCALE) )
+#define GENERIC_RIGHTS_USER_WRITE	( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_USER_ACCESS_CHANGE_PASSWORD|SAMR_USER_ACCESS_SET_LOC_COM|SAMR_USER_ACCESS_SET_ATTRIBUTES|SAMR_USER_ACCESS_SET_PASSWORD|SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP) )
+#define GENERIC_RIGHTS_USER_EXECUTE	( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_USER_ACCESS_CHANGE_PASSWORD|SAMR_USER_ACCESS_GET_NAME_ETC) )
+#define SAMR_DOMAIN_ACCESS_ALL_ACCESS	( 0x000007FF )
+#define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS	( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_DOMAIN_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_DOMAIN_READ	( (STANDARD_RIGHTS_READ_ACCESS|SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS|SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2) )
+#define GENERIC_RIGHTS_DOMAIN_WRITE	( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_DOMAIN_ACCESS_SET_INFO_3|SAMR_DOMAIN_ACCESS_CREATE_ALIAS|SAMR_DOMAIN_ACCESS_CREATE_GROUP|SAMR_DOMAIN_ACCESS_CREATE_USER|SAMR_DOMAIN_ACCESS_SET_INFO_2|SAMR_DOMAIN_ACCESS_SET_INFO_1) )
+#define GENERIC_RIGHTS_DOMAIN_EXECUTE	( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT|SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS|SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1) )
+#define SAMR_GROUP_ACCESS_ALL_ACCESS	( 0x0000001F )
+#define GENERIC_RIGHTS_GROUP_ALL_ACCESS	( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_GROUP_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_GROUP_READ	( (STANDARD_RIGHTS_READ_ACCESS|SAMR_GROUP_ACCESS_GET_MEMBERS) )
+#define GENERIC_RIGHTS_GROUP_WRITE	( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_GROUP_ACCESS_REMOVE_MEMBER|SAMR_GROUP_ACCESS_ADD_MEMBER|SAMR_GROUP_ACCESS_SET_INFO) )
+#define GENERIC_RIGHTS_GROUP_EXECUTE	( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_GROUP_ACCESS_LOOKUP_INFO) )
+#define SAMR_ALIAS_ACCESS_ALL_ACCESS	( 0x0000001F )
+#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS	( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_ALIAS_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_ALIAS_READ	( (STANDARD_RIGHTS_READ_ACCESS|SAMR_ALIAS_ACCESS_GET_MEMBERS) )
+#define GENERIC_RIGHTS_ALIAS_WRITE	( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_ALIAS_ACCESS_REMOVE_MEMBER|SAMR_ALIAS_ACCESS_ADD_MEMBER|SAMR_ALIAS_ACCESS_SET_INFO) )
+#define GENERIC_RIGHTS_ALIAS_EXECUTE	( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ALIAS_ACCESS_LOOKUP_INFO) )
 #define MAX_SAM_ENTRIES_W2K	( 0x400 )
 #define MAX_SAM_ENTRIES_W95	( 50 )
 #define SAMR_ENUM_USERS_MULTIPLIER	( 54 )
diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl
index cd5fe07845..9f72657620 100644
--- a/source3/librpc/idl/samr.idl
+++ b/source3/librpc/idl/samr.idl
@@ -40,6 +40,8 @@ import "misc.idl", "lsa.idl", "security.idl";
 		ACB_NO_AUTH_DATA_REQD		= 0x00080000   /* 1 = No authorization data required */
 	} samr_AcctFlags;
 
+	/* SAM server specific access rights */
+
 	typedef [bitmap32bit] bitmap {
 		SAMR_ACCESS_CONNECT_TO_SERVER   = 0x00000001,
 		SAMR_ACCESS_SHUTDOWN_SERVER     = 0x00000002,
@@ -49,6 +51,29 @@ import "misc.idl", "lsa.idl", "security.idl";
 		SAMR_ACCESS_OPEN_DOMAIN         = 0x00000020
 	} samr_ConnectAccessMask;
 
+	const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
+
+	const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
+		(STANDARD_RIGHTS_REQUIRED_ACCESS	|
+		 SAMR_ACCESS_ALL_ACCESS);
+
+	const int GENERIC_RIGHTS_SAM_READ =
+		(STANDARD_RIGHTS_READ_ACCESS		|
+		 SAMR_ACCESS_ENUM_DOMAINS);
+
+	const int GENERIC_RIGHTS_SAM_WRITE =
+		(STANDARD_RIGHTS_WRITE_ACCESS		|
+		 SAMR_ACCESS_CREATE_DOMAIN		|
+		 SAMR_ACCESS_INITIALIZE_SERVER		|
+		 SAMR_ACCESS_SHUTDOWN_SERVER);
+
+	const int GENERIC_RIGHTS_SAM_EXECUTE =
+		(STANDARD_RIGHTS_EXECUTE_ACCESS		|
+		 SAMR_ACCESS_OPEN_DOMAIN		|
+		 SAMR_ACCESS_CONNECT_TO_SERVER);
+
+	/* User Object specific access rights */
+
 	typedef [bitmap32bit] bitmap {
 		SAMR_USER_ACCESS_GET_NAME_ETC             = 0x00000001,
 		SAMR_USER_ACCESS_GET_LOCALE               = 0x00000002,
@@ -63,6 +88,35 @@ import "misc.idl", "lsa.idl", "security.idl";
 		SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP  = 0x00000400
 	} samr_UserAccessMask;
 
+	const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF;
+
+	const int GENERIC_RIGHTS_USER_ALL_ACCESS =
+		(STANDARD_RIGHTS_REQUIRED_ACCESS	|
+		 SAMR_USER_ACCESS_ALL_ACCESS);	/* 0x000f07ff */
+
+	const int GENERIC_RIGHTS_USER_READ =
+		(STANDARD_RIGHTS_READ_ACCESS		|
+		 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP	|
+		 SAMR_USER_ACCESS_GET_GROUPS		|
+		 SAMR_USER_ACCESS_GET_ATTRIBUTES	|
+		 SAMR_USER_ACCESS_GET_LOGONINFO		|
+		 SAMR_USER_ACCESS_GET_LOCALE);	/* 0x0002031a */
+
+	const int GENERIC_RIGHTS_USER_WRITE =
+		(STANDARD_RIGHTS_WRITE_ACCESS		|
+		 SAMR_USER_ACCESS_CHANGE_PASSWORD	|
+		 SAMR_USER_ACCESS_SET_LOC_COM		|
+		 SAMR_USER_ACCESS_SET_ATTRIBUTES	|
+		 SAMR_USER_ACCESS_SET_PASSWORD		|
+		 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP);	/* 0x000204e4 */
+
+	const int GENERIC_RIGHTS_USER_EXECUTE =
+		(STANDARD_RIGHTS_EXECUTE_ACCESS		|
+		 SAMR_USER_ACCESS_CHANGE_PASSWORD	|
+		 SAMR_USER_ACCESS_GET_NAME_ETC);	/* 0x00020041 */
+
+	/* Domain Object specific access rights */
+
 	typedef [bitmap32bit] bitmap {
 		SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1  = 0x00000001,
 		SAMR_DOMAIN_ACCESS_SET_INFO_1     = 0x00000002,
@@ -77,6 +131,34 @@ import "misc.idl", "lsa.idl", "security.idl";
 		SAMR_DOMAIN_ACCESS_SET_INFO_3     = 0x00000400
 	} samr_DomainAccessMask;
 
+	const int SAMR_DOMAIN_ACCESS_ALL_ACCESS	= 0x000007FF;
+
+	const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS =
+		(STANDARD_RIGHTS_REQUIRED_ACCESS	|
+		 SAMR_DOMAIN_ACCESS_ALL_ACCESS);
+
+	const int GENERIC_RIGHTS_DOMAIN_READ =
+		(STANDARD_RIGHTS_READ_ACCESS		|
+		 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS	|
+		 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
+
+	const int GENERIC_RIGHTS_DOMAIN_WRITE =
+		(STANDARD_RIGHTS_WRITE_ACCESS		|
+		 SAMR_DOMAIN_ACCESS_SET_INFO_3		|
+		 SAMR_DOMAIN_ACCESS_CREATE_ALIAS	|
+		 SAMR_DOMAIN_ACCESS_CREATE_GROUP	|
+		 SAMR_DOMAIN_ACCESS_CREATE_USER		|
+		 SAMR_DOMAIN_ACCESS_SET_INFO_2		|
+		 SAMR_DOMAIN_ACCESS_SET_INFO_1);
+
+	const int GENERIC_RIGHTS_DOMAIN_EXECUTE =
+		(STANDARD_RIGHTS_EXECUTE_ACCESS		|
+		 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT	|
+		 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS	|
+		 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
+
+	/* Group Object specific access rights */
+
 	typedef [bitmap32bit] bitmap {
 		SAMR_GROUP_ACCESS_LOOKUP_INFO     = 0x00000001,
 		SAMR_GROUP_ACCESS_SET_INFO        = 0x00000002,
@@ -85,6 +167,28 @@ import "misc.idl", "lsa.idl", "security.idl";
 		SAMR_GROUP_ACCESS_GET_MEMBERS     = 0x00000010
 	} samr_GroupAccessMask;
 
+	const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F;
+
+	const int GENERIC_RIGHTS_GROUP_ALL_ACCESS =
+		(STANDARD_RIGHTS_REQUIRED_ACCESS	|
+		 SAMR_GROUP_ACCESS_ALL_ACCESS);	/* 0x000f001f */
+
+	const int GENERIC_RIGHTS_GROUP_READ =
+		(STANDARD_RIGHTS_READ_ACCESS		|
+		 SAMR_GROUP_ACCESS_GET_MEMBERS);	/* 0x00020010 */
+
+	const int GENERIC_RIGHTS_GROUP_WRITE =
+		(STANDARD_RIGHTS_WRITE_ACCESS		|
+		 SAMR_GROUP_ACCESS_REMOVE_MEMBER	|
+		 SAMR_GROUP_ACCESS_ADD_MEMBER		|
+		 SAMR_GROUP_ACCESS_SET_INFO);	/* 0x0002000e */
+
+	const int GENERIC_RIGHTS_GROUP_EXECUTE =
+		(STANDARD_RIGHTS_EXECUTE_ACCESS		|
+		 SAMR_GROUP_ACCESS_LOOKUP_INFO);	/* 0x00020001 */
+
+	/* Alias Object specific access rights */
+
 	typedef [bitmap32bit] bitmap {
 		SAMR_ALIAS_ACCESS_ADD_MEMBER      = 0x00000001,
 		SAMR_ALIAS_ACCESS_REMOVE_MEMBER   = 0x00000002,
@@ -93,6 +197,26 @@ import "misc.idl", "lsa.idl", "security.idl";
 		SAMR_ALIAS_ACCESS_SET_INFO        = 0x00000010
 	} samr_AliasAccessMask;
 
+	const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F;
+
+	const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS =
+		(STANDARD_RIGHTS_REQUIRED_ACCESS	|
+		 SAMR_ALIAS_ACCESS_ALL_ACCESS);	/* 0x000f001f */
+
+	const int GENERIC_RIGHTS_ALIAS_READ =
+		(STANDARD_RIGHTS_READ_ACCESS		|
+		 SAMR_ALIAS_ACCESS_GET_MEMBERS);	/* 0x00020004 */
+
+	const int GENERIC_RIGHTS_ALIAS_WRITE =
+		(STANDARD_RIGHTS_WRITE_ACCESS		|
+		 SAMR_ALIAS_ACCESS_REMOVE_MEMBER	|
+		 SAMR_ALIAS_ACCESS_ADD_MEMBER		|
+		 SAMR_ALIAS_ACCESS_SET_INFO);	/* 0x00020013 */
+
+	const int GENERIC_RIGHTS_ALIAS_EXECUTE =
+		(STANDARD_RIGHTS_EXECUTE_ACCESS		|
+		 SAMR_ALIAS_ACCESS_LOOKUP_INFO);	/* 0x00020008 */
+
 	/******************/
 	/* Function: 0x00 */
 	NTSTATUS samr_Connect (