diff options
Diffstat (limited to 'source4/librpc/idl/security.idl')
| -rw-r--r-- | source4/librpc/idl/security.idl | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl index 9625153ec1..817b57a780 100644 --- a/source4/librpc/idl/security.idl +++ b/source4/librpc/idl/security.idl @@ -6,6 +6,90 @@ interface security { + /* + access masks are divided up like this: + 0xabccdddd + where + a = generic rights bits SEC_GENERIC_ + b = flags SEC_FLAG_ + c = standard rights bits SEC_STD_ + d = object type specific bits SEC_{FILE,DIR,REG,xxx}_ + + common combinations of bits are prefixed with SEC_RIGHTS_ + */ + const int SEC_MASK_GENERIC = 0xF0000000; + const int SEC_MASK_FLAGS = 0x0F000000; + const int SEC_MASK_STANDARD = 0x00FF0000; + const int SEC_MASK_SPECIFIC = 0x0000FFFF; + + /* generic bits */ + const int SEC_GENERIC_ALL = 0x10000000; + const int SEC_GENERIC_EXECUTE = 0x20000000; + const int SEC_GENERIC_WRITE = 0x40000000; + const int SEC_GENERIC_READ = 0x80000000; + + /* flag bits */ + const int SEC_FLAG_SYSTEM_SECURITY = 0x01000000; + const int SEC_FLAG_MAXIMUM_ALLOWED = 0x02000000; + + /* standard bits */ + const int SEC_STD_DELETE = 0x00010000; + const int SEC_STD_READ_CONTROL = 0x00020000; + const int SEC_STD_WRITE_DAC = 0x00040000; + const int SEC_STD_WRITE_OWNER = 0x00080000; + const int SEC_STD_SYNCHRONIZE = 0x00100000; + const int SEC_STD_REQUIRED = 0x000F0000; + const int SEC_STD_ALL = 0x001F0000; + + /* file specific bits */ + const int SEC_FILE_READ_DATA = 0x00000001; + const int SEC_FILE_WRITE_DATA = 0x00000002; + const int SEC_FILE_APPEND_DATA = 0x00000004; + const int SEC_FILE_READ_EA = 0x00000008; + const int SEC_FILE_WRITE_EA = 0x00000010; + const int SEC_FILE_EXECUTE = 0x00000020; + const int SEC_FILE_READ_ATTRIBUTE = 0x00000080; + const int SEC_FILE_WRITE_ATTRIBUTE = 0x00000100; + const int SEC_FILE_ALL = 0x000001ff; + + /* directory specific bits */ + const int SEC_DIR_LIST = 0x00000001; + const int SEC_DIR_ADD_FILE = 0x00000002; + const int SEC_DIR_ADD_SUBDIR = 0x00000004; + const int SEC_DIR_READ_EA = 0x00000008; + const int SEC_DIR_WRITE_EA = 0x00000010; + const int SEC_DIR_TRAVERSE = 0x00000020; + const int SEC_DIR_DELETE_CHILD = 0x00000040; + const int SEC_DIR_READ_ATTRIBUTE = 0x00000080; + const int SEC_DIR_WRITE_ATTRIBUTE = 0x00000100; + + /* registry entry specific bits */ + const int SEC_REG_QUERY_VALUE = 0x00000001; + const int SEC_REG_SET_VALUE = 0x00000002; + const int SEC_REG_CREATE_SUBKEY = 0x00000004; + const int SEC_REG_ENUM_SUBKEYS = 0x00000008; + const int SEC_REG_NOTIFY = 0x00000010; + const int SEC_REG_CREATE_LINK = 0x00000020; + + /* common combinations of bits */ + const int SEC_RIGHTS_FULL_CONTROL = SEC_STD_ALL | SEC_FILE_ALL; + + const int SEC_RIGHTS_FILE_READ = SEC_STD_READ_CONTROL | + SEC_STD_SYNCHRONIZE | + SEC_FILE_READ_DATA | + SEC_FILE_READ_ATTRIBUTE | + SEC_FILE_READ_EA; + + const int SEC_RIGHTS_FILE_WRITE = SEC_STD_READ_CONTROL | + SEC_STD_SYNCHRONIZE | + SEC_FILE_WRITE_DATA | + SEC_FILE_WRITE_ATTRIBUTE | + SEC_FILE_WRITE_EA | + SEC_FILE_APPEND_DATA; + + const int SEC_RIGHTS_MAXIMUM_ALLOWED = SEC_FLAG_MAXIMUM_ALLOWED; + + /* a NULL sid */ const string SID_NULL = "S-1-0-0"; @@ -83,6 +167,8 @@ interface security dom_sid trustee; } security_ace; + const int NT4_ACL_REVISION = 0x2; + typedef [public] struct { uint16 revision; [value(ndr_size_security_acl(r))] uint16 size; @@ -111,6 +197,14 @@ interface security const int SEC_DESC_RM_CONTROL_VALID = 0x4000; const int SEC_DESC_SELF_RELATIVE = 0x8000; + /* bits that determine which parts of a security descriptor + are being queried/set */ + const int SECINFO_OWNER = 0x00000001; + const int SECINFO_GROUP = 0x00000002; + const int SECINFO_DACL = 0x00000004; + const int SECINFO_SACL = 0x00000008; + + typedef [public,flag(NDR_LITTLE_ENDIAN)] struct { uint8 revision; uint16 type; /* SEC_DESC_xxxx flags */ |