r25730: Fix IDL for incorrect winreg_SetKeySecurity.

Guenther
(This used to be commit 767867c3ee126c3832750d1b1e7de81005c4eaff)

2 files changed, 18 insertions, 2 deletions

diff --git a/source4/librpc/idl/winreg.idl b/source4/librpc/idl/winreg.idl
index a0211ad1a2..d8f50990db 100644
--- a/source4/librpc/idl/winreg.idl
+++ b/source4/librpc/idl/winreg.idl
@@ -273,7 +273,7 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/* Function: 0x15 */
 	WERROR winreg_SetKeySecurity(
 		[in,ref] policy_handle *handle,
-		[in] winreg_AccessMask access_mask,
+		[in] security_secinfo sec_info,
 		[in,ref] KeySecurityData *sd
 	);
 
diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c
index d9514ad9bb..4b00c03260 100644
--- a/source4/torture/rpc/winreg.c
+++ b/source4/torture/rpc/winreg.c
@@ -228,6 +228,7 @@ static bool test_SetKeySecurity(struct dcerpc_pipe *p,
 	struct winreg_SetKeySecurity r;
 	struct KeySecurityData *sdata = NULL;
 	DATA_BLOB sdblob;
+	uint32_t sec_info;
 
 	ZERO_STRUCT(r);
 
@@ -245,8 +246,23 @@ static bool test_SetKeySecurity(struct dcerpc_pipe *p,
 	sdata->size = sdblob.length;
 	sdata->len = sdblob.length;
 
+	sec_info = SECINFO_UNPROTECTED_SACL | SECINFO_UNPROTECTED_DACL;
+
+	if (sd->owner_sid) {
+		sec_info |= SECINFO_OWNER;
+	}
+	if (sd->group_sid) {
+		sec_info |= SECINFO_GROUP;
+	}
+	if (sd->sacl) {
+		sec_info |= SECINFO_SACL;
+	}
+	if (sd->dacl) {
+		sec_info |= SECINFO_DACL;
+	}
+
 	r.in.handle = handle;
-	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.sec_info = sec_info;
 	r.in.sd = sdata;
 
 	torture_assert_ntstatus_ok(tctx,