author | Andrew Tridgell <tridge@samba.org> | 2004-11-30 04:33:27 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:06:13 -0500 |
commit | fdc9f417d89fdf9dd6afbc22843d70585e195c9d (patch) | |
tree | ca74e9c5b19771d7aecff06df93ebfaa3115c7da /source4/include | |
parent | 2ed4ff13d509218785d9941dc17219958ab04223 (diff) | |
r4011: get rid of rpc_secdes.h and replace it with a single sane set of
definitions for security access masks, in security.idl
The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
Diffstat (limited to 'source4/include')
-rw-r--r-- | source4/include/includes.h | 1 | ||||
-rw-r--r-- | source4/include/rpc_secdes.h | 344 | ||||
-rw-r--r-- | source4/include/structs.h | 2 |
3 files changed, 2 insertions, 345 deletions
diff --git a/source4/include/includes.h b/source4/include/includes.h
index c5842f84da..6335780b89 100644
--- a/source4/include/includes.h
+++ b/source4/include/includes.h
@@ -169,7 +169,6 @@ extern int errno;
 #include "enums.h"
 #include "pstring.h"
 #include "smb_macros.h"
-#include "rpc_secdes.h"
 #include "smb.h"
 #include "ads.h"
 #include "lib/socket/socket.h"
diff --git a/source4/include/rpc_secdes.h b/source4/include/rpc_secdes.h
deleted file mode 100644
index 1a7e56974a..0000000000
--- a/source4/include/rpc_secdes.h
+++ /dev/null
@@ -1,344 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SMB parameters and setup
- Copyright (C) Andrew Tridgell 1992-2000
- Copyright (C) Luke Kenneth Casson Leighton 1996-2000
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-typedef struct security_descriptor SEC_DESC;
-
-#ifndef _RPC_SECDES_H /* _RPC_SECDES_H */
-#define _RPC_SECDES_H
-
-#define SEC_RIGHTS_QUERY_VALUE 0x00000001
-#define SEC_RIGHTS_SET_VALUE 0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
-#define SEC_RIGHTS_NOTIFY 0x00000010
-#define SEC_RIGHTS_CREATE_LINK 0x00000020
-#define SEC_RIGHTS_READ 0x00020019
-#define SEC_RIGHTS_FULL_CONTROL 0x000f003f
-#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
-
-/* for ADS */
-#define SEC_RIGHTS_LIST_CONTENTS 0x4
-#define SEC_RIGHTS_LIST_OBJECT 0x80
-#define SEC_RIGHTS_READ_ALL_PROP 0x10
-#define SEC_RIGHTS_READ_PERMS 0x20000
-#define SEC_RIGHTS_WRITE_ALL_VALID 0x8
-#define SEC_RIGHTS_WRITE_ALL_PROP 0x20
-#define SEC_RIGHTS_MODIFY_OWNER 0x80000
-#define SEC_RIGHTS_MODIFY_PERMS 0x40000
-#define SEC_RIGHTS_CREATE_CHILD 0x1
-#define SEC_RIGHTS_DELETE_CHILD 0x2
-#define SEC_RIGHTS_DELETE_SUBTREE 0x40
-#define SEC_RIGHTS_DELETE 0x10000 /* advanced/special/object/delete */
-#define SEC_RIGHTS_EXTENDED 0x100 /* change/reset password, receive/send as*/
-#define SEC_RIGHTS_CHANGE_PASSWD
SEC_RIGHTS_EXTENDED
-#define SEC_RIGHTS_RESET_PASSWD SEC_RIGHTS_EXTENDED
-#define SEC_RIGHTS_FULL_CTRL 0xf01ff
-
-/* Don't know what this means. */
-
-/* security information flags used in query_secdesc and set_secdesc */
-#define OWNER_SECURITY_INFORMATION 0x00000001
-#define GROUP_SECURITY_INFORMATION 0x00000002
-#define DACL_SECURITY_INFORMATION 0x00000004
-#define SACL_SECURITY_INFORMATION 0x00000008
-
-/* Extra W2K flags. */
-#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000
-#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000
-#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000
-#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
-
-#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
- DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\
- UNPROTECTED_SACL_SECURITY_INFORMATION|\
- UNPROTECTED_DACL_SECURITY_INFORMATION|\
- PROTECTED_SACL_SECURITY_INFORMATION|\
- PROTECTED_DACL_SECURITY_INFORMATION)
-
-#ifndef ACL_REVISION
-#define ACL_REVISION 0x3
-#endif
-
-#ifndef NT4_ACL_REVISION
-#define NT4_ACL_REVISION 0x2
-#endif
-
-#ifndef SEC_DESC_REVISION
-#define SEC_DESC_REVISION 0x1
-#endif
-
-
-/* Security Access Masks Rights */
-
-#define SPECIFIC_RIGHTS_MASK 0x0000FFFF
-#define STANDARD_RIGHTS_MASK 0x00FF0000
-#define GENERIC_RIGHTS_MASK 0xF0000000
-
-#define SEC_RIGHT_SYSTEM_SECURITY 0x01000000
-#define SEC_RIGHT_MAXIMUM_ALLOWED 0x02000000
-
-/* Generic access rights */
-
-#define GENERIC_RIGHT_ALL_ACCESS 0x10000000
-#define GENERIC_RIGHT_EXECUTE_ACCESS 0x20000000
-#define GENERIC_RIGHT_WRITE_ACCESS 0x40000000
-#define GENERIC_RIGHT_READ_ACCESS 0x80000000
-
-/* Standard access rights. */
-
-#define STD_RIGHT_DELETE_ACCESS 0x00010000
-#define STD_RIGHT_READ_CONTROL_ACCESS 0x00020000
-#define STD_RIGHT_WRITE_DAC_ACCESS 0x00040000
-#define STD_RIGHT_WRITE_OWNER_ACCESS 0x00080000
-#define STD_RIGHT_SYNCHRONIZE_ACCESS 0x00100000
-
-#define STD_RIGHT_ALL_ACCESS 0x001F0000
-
-/* Combinations of standard masks.
*/
-#define STANDARD_RIGHTS_ALL_ACCESS STD_RIGHT_ALL_ACCESS /* 0x001f0000 */
-#define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_READ_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_WRITE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_REQUIRED_ACCESS \
- (STD_RIGHT_DELETE_ACCESS | \
- STD_RIGHT_READ_CONTROL_ACCESS | \
- STD_RIGHT_WRITE_DAC_ACCESS | \
- STD_RIGHT_WRITE_OWNER_ACCESS) /* 0x000f0000 */
-
-/* File Object specific access rights */
-
-#define SA_RIGHT_FILE_READ_DATA 0x00000001
-#define SA_RIGHT_FILE_WRITE_DATA 0x00000002
-#define SA_RIGHT_FILE_APPEND_DATA 0x00000004
-#define SA_RIGHT_FILE_READ_EA 0x00000008
-#define SA_RIGHT_FILE_WRITE_EA 0x00000010
-#define SA_RIGHT_FILE_EXECUTE 0x00000020
-#define SA_RIGHT_FILE_DELETE_CHILD 0x00000040
-#define SA_RIGHT_FILE_READ_ATTRIBUTES 0x00000080
-#define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x00000100
-#define SA_RIGHT_FILE_READ_EXEC (SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_EXECUTE)
-#define SA_RIGHT_FILE_WRITE_APPEND (SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_APPEND_DATA)
-
-#define SA_RIGHT_FILE_ALL_ACCESS 0x000001FF
-
-#define GENERIC_RIGHTS_FILE_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_FILE_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_READ_DATA | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_READ_EA)
-
-#define GENERIC_RIGHTS_FILE_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_WRITE_DATA | \
- SA_RIGHT_FILE_WRITE_ATTRIBUTES | \
- SA_RIGHT_FILE_WRITE_EA | \
- SA_RIGHT_FILE_APPEND_DATA)
-
-#define GENERIC_RIGHTS_FILE_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_EXECUTE)
-
-
-/* directory specific access rights */
-#define SA_RIGHT_DIR_LIST 0x0001
-#define SA_RIGHT_DIR_ADD_FILE 0x0002
-#define SA_RIGHT_DIR_ADD_SUBDIRECTORY 0x0004
-#define SA_RIGHT_DIR_TRAVERSE 0x0020
-#define SA_RIGHT_DIR_DELETE_CHILD 0x0040
-
-
-/* SAM server specific access rights */
-
-#define SA_RIGHT_SAM_CONNECT_SERVER 0x00000001
-#define SA_RIGHT_SAM_SHUTDOWN_SERVER 0x00000002
-#define SA_RIGHT_SAM_INITIALISE_SERVER 0x00000004
-#define SA_RIGHT_SAM_CREATE_DOMAIN 0x00000008
-#define SA_RIGHT_SAM_ENUM_DOMAINS 0x00000010
-#define SA_RIGHT_SAM_OPEN_DOMAIN 0x00000020
-
-#define SA_RIGHT_SAM_ALL_ACCESS 0x0000003F
-
-#define GENERIC_RIGHTS_SAM_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_SAM_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_SAM_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_SAM_ENUM_DOMAINS)
-
-#define GENERIC_RIGHTS_SAM_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_SAM_CREATE_DOMAIN | \
- SA_RIGHT_SAM_INITIALISE_SERVER | \
- SA_RIGHT_SAM_SHUTDOWN_SERVER)
-
-#define GENERIC_RIGHTS_SAM_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_SAM_OPEN_DOMAIN | \
- SA_RIGHT_SAM_CONNECT_SERVER)
-
-
-/* Domain Object specific access rights */
-
-#define SA_RIGHT_DOMAIN_LOOKUP_INFO_1 0x00000001
-#define SA_RIGHT_DOMAIN_SET_INFO_1 0x00000002
-#define SA_RIGHT_DOMAIN_LOOKUP_INFO_2 0x00000004
-#define SA_RIGHT_DOMAIN_SET_INFO_2 0x00000008
-#define SA_RIGHT_DOMAIN_CREATE_USER 0x00000010
-#define SA_RIGHT_DOMAIN_CREATE_GROUP 0x00000020
-#define SA_RIGHT_DOMAIN_CREATE_ALIAS 0x00000040
-#define SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM 0x00000080
-#define SA_RIGHT_DOMAIN_ENUM_ACCOUNTS 0x00000100
-#define SA_RIGHT_DOMAIN_OPEN_ACCOUNT 0x00000200
-#define SA_RIGHT_DOMAIN_SET_INFO_3 0x00000400
-
-#define SA_RIGHT_DOMAIN_ALL_ACCESS 0x000007FF
-
-#define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_DOMAIN_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_DOMAIN_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM | \
- SA_RIGHT_DOMAIN_LOOKUP_INFO_2)
-
-#define
GENERIC_RIGHTS_DOMAIN_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_DOMAIN_SET_INFO_3 | \
- SA_RIGHT_DOMAIN_CREATE_ALIAS | \
- SA_RIGHT_DOMAIN_CREATE_GROUP | \
- SA_RIGHT_DOMAIN_CREATE_USER | \
- SA_RIGHT_DOMAIN_SET_INFO_2 | \
- SA_RIGHT_DOMAIN_SET_INFO_1)
-
-#define GENERIC_RIGHTS_DOMAIN_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT | \
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS | \
- SA_RIGHT_DOMAIN_LOOKUP_INFO_1)
-
-
-/* User Object specific access rights */
-
-#define SA_RIGHT_USER_GET_NAME_ETC 0x00000001
-#define SA_RIGHT_USER_GET_LOCALE 0x00000002
-#define SA_RIGHT_USER_SET_LOC_COM 0x00000004
-#define SA_RIGHT_USER_GET_LOGONINFO 0x00000008
-#define SA_RIGHT_USER_ACCT_FLAGS_EXPIRY 0x00000010
-#define SA_RIGHT_USER_SET_ATTRIBUTES 0x00000020
-#define SA_RIGHT_USER_CHANGE_PASSWORD 0x00000040
-#define SA_RIGHT_USER_SET_PASSWORD 0x00000080
-#define SA_RIGHT_USER_GET_GROUPS 0x00000100
-#define SA_RIGHT_USER_READ_GROUP_MEM 0x00000200
-#define SA_RIGHT_USER_CHANGE_GROUP_MEM 0x00000400
-
-#define SA_RIGHT_USER_ALL_ACCESS 0x000007FF
-
-#define GENERIC_RIGHTS_USER_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_USER_ALL_ACCESS) /* 0x000f07ff */
-
-#define GENERIC_RIGHTS_USER_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_USER_READ_GROUP_MEM | \
- SA_RIGHT_USER_GET_GROUPS | \
- SA_RIGHT_USER_ACCT_FLAGS_EXPIRY | \
- SA_RIGHT_USER_GET_LOGONINFO | \
- SA_RIGHT_USER_GET_LOCALE) /* 0x0002031a */
-
-#define GENERIC_RIGHTS_USER_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_SET_LOC_COM) /* 0x00020044 */
-
-#define GENERIC_RIGHTS_USER_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_GET_NAME_ETC ) /* 0x00020041 */
-
-
-/* Group Object specific access rights */
-
-#define SA_RIGHT_GROUP_LOOKUP_INFO 0x00000001
-#define SA_RIGHT_GROUP_SET_INFO 0x00000002
-#define SA_RIGHT_GROUP_ADD_MEMBER 0x00000004
-#define
SA_RIGHT_GROUP_REMOVE_MEMBER 0x00000008
-#define SA_RIGHT_GROUP_GET_MEMBERS 0x00000010
-
-#define SA_RIGHT_GROUP_ALL_ACCESS 0x0000001F
-
-#define GENERIC_RIGHTS_GROUP_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_GROUP_ALL_ACCESS) /* 0x000f001f */
-
-#define GENERIC_RIGHTS_GROUP_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_GROUP_GET_MEMBERS) /* 0x00020010 */
-
-#define GENERIC_RIGHTS_GROUP_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_GROUP_REMOVE_MEMBER | \
- SA_RIGHT_GROUP_ADD_MEMBER | \
- SA_RIGHT_GROUP_SET_INFO ) /* 0x0002000e */
-
-#define GENERIC_RIGHTS_GROUP_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_GROUP_LOOKUP_INFO) /* 0x00020001 */
-
-
-/* Alias Object specific access rights */
-
-#define SA_RIGHT_ALIAS_ADD_MEMBER 0x00000001
-#define SA_RIGHT_ALIAS_REMOVE_MEMBER 0x00000002
-#define SA_RIGHT_ALIAS_GET_MEMBERS 0x00000004
-#define SA_RIGHT_ALIAS_LOOKUP_INFO 0x00000008
-#define SA_RIGHT_ALIAS_SET_INFO 0x00000010
-
-#define SA_RIGHT_ALIAS_ALL_ACCESS 0x0000001F
-
-#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_ALIAS_ALL_ACCESS) /* 0x000f001f */
-
-#define GENERIC_RIGHTS_ALIAS_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_ALIAS_GET_MEMBERS ) /* 0x00020004 */
-
-#define GENERIC_RIGHTS_ALIAS_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_ALIAS_REMOVE_MEMBER | \
- SA_RIGHT_ALIAS_ADD_MEMBER | \
- SA_RIGHT_ALIAS_SET_INFO ) /* 0x00020013 */
-
-#define GENERIC_RIGHTS_ALIAS_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_ALIAS_LOOKUP_INFO ) /* 0x00020008 */
-
-#endif /* _RPC_SECDES_H */
diff --git a/source4/include/structs.h b/source4/include/structs.h
index ae3713eefd..4204cdab15 100644
--- a/source4/include/structs.h
+++ b/source4/include/structs.h
@@ -125,3 +125,5 @@ struct ldb_message;
 struct security_token;
 struct security_acl;
 struct security_ace;
+
+typedef struct security_descriptor SEC_DESC; |
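Review bot: The `SEC_DESC` typedef added at the end of structs.h keeps one of the old rpc_secdes.h names alive with no comment, which sits oddly with the commit's aim of a single consistent set of security definitions. A one-line comment would make its status clear to anyone reading ACL code, e.g. `/* legacy alias for struct security_descriptor; use the struct name in new code */`. In the removed header the typedef sat before the `_RPC_SECDES_H` guard; whether structs.h has a guard is not visible in this hunk, and a repeated typedef is only valid from C11 on, so confirm the header cannot be included twice. The call sites moved to the security.idl mask names are outside this diff (limited to source4/include), so the renamed masks cannot be checked against the old values from here.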