From c1e5f284569d7c9aece4fba0a2101305b16cae91 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Thu, 23 Oct 2008 18:33:49 +0200
Subject: idl: add svcctl specific access bits.

Guenther
---
 librpc/idl/svcctl.idl | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)

diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl
index 3eb686fe15..fa8e10988c 100644
--- a/librpc/idl/svcctl.idl
+++ b/librpc/idl/svcctl.idl
@@ -4,7 +4,7 @@
   svcctl interface definitions
 */
 
-import "misc.idl";
+import "misc.idl", "security.idl";
 [ uuid("367abb81-9844-35f1-ad32-98f038001003"),
   version(2.0),
   pointer_default(unique),
@@ -227,6 +227,9 @@ import "misc.idl";
 
 	/*****************/
 	/* Function 0x0f */
+
+	/* Service Control Manager Bits */
+
 	typedef [bitmap32bit] bitmap {
 		SC_RIGHT_MGR_CONNECT		= 0x0001,
 		SC_RIGHT_MGR_CREATE_SERVICE	= 0x0002,
@@ -236,6 +239,23 @@ import "misc.idl";
 		SC_RIGHT_MGR_MODIFY_BOOT_CONFIG	= 0x0020
 	} svcctl_MgrAccessMask;
 
+	const int SC_MANAGER_READ_ACCESS =
+		(SEC_STD_READ_CONTROL			|
+		 SC_RIGHT_MGR_CONNECT			|
+		 SC_RIGHT_MGR_ENUMERATE_SERVICE		|
+		 SC_RIGHT_MGR_QUERY_LOCK_STATUS);
+
+	const int SC_MANAGER_EXECUTE_ACCESS = SC_MANAGER_READ_ACCESS;
+
+	const int SC_MANAGER_WRITE_ACCESS =
+		(SEC_STD_REQUIRED			|
+		 SC_MANAGER_READ_ACCESS			|
+		 SC_RIGHT_MGR_CREATE_SERVICE		|
+		 SC_RIGHT_MGR_LOCK			|
+		 SC_RIGHT_MGR_MODIFY_BOOT_CONFIG);
+
+	const int SC_MANAGER_ALL_ACCESS = SC_MANAGER_WRITE_ACCESS;
+
 	WERROR svcctl_OpenSCManagerW(
 		[in,unique] [string,charset(UTF16)] uint16 *MachineName,
 		[in,unique] [string,charset(UTF16)] uint16 *DatabaseName,
@@ -245,6 +265,9 @@ import "misc.idl";
 
 	/*****************/
 	/* Function 0x10 */
+
+	/* Service Object Bits */
+
 	typedef [bitmap32bit] bitmap {
 		SC_RIGHT_SVC_QUERY_CONFIG		= 0x0001,
 		SC_RIGHT_SVC_CHANGE_CONFIG		= 0x0002,
@@ -257,6 +280,28 @@ import "misc.idl";
 		SC_RIGHT_SVC_USER_DEFINED_CONTROL	= 0x0100
 	} svcctl_ServiceAccessMask;
 
+	const int SERVICE_READ_ACCESS =
+		(SEC_STD_READ_CONTROL			|
+		 SC_RIGHT_SVC_ENUMERATE_DEPENDENTS	|
+		 SC_RIGHT_SVC_INTERROGATE		|
+		 SC_RIGHT_SVC_QUERY_CONFIG		|
+		 SC_RIGHT_SVC_QUERY_STATUS		|
+		 SC_RIGHT_SVC_USER_DEFINED_CONTROL);
+
+	const int SERVICE_EXECUTE_ACCESS =
+		(SERVICE_READ_ACCESS 			|
+		 SC_RIGHT_SVC_START			|
+		 SC_RIGHT_SVC_STOP			|
+		 SC_RIGHT_SVC_PAUSE_CONTINUE);
+
+	const int SERVICE_WRITE_ACCESS =
+		(SEC_STD_REQUIRED			|
+		 SERVICE_READ_ACCESS			|
+		 SERVICE_EXECUTE_ACCESS			|
+		 SC_RIGHT_SVC_CHANGE_CONFIG);
+
+	const int SERVICE_ALL_ACCESS = SERVICE_WRITE_ACCESS;
+
 	WERROR svcctl_OpenServiceW(
 		[in,ref] policy_handle *scmanager_handle,
 		[in] [string,charset(UTF16)] uint16 ServiceName[],
-- 
cgit 


From f36ffa768129f01b0c12d30bff5e4e205dd3676c Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Thu, 23 Oct 2008 18:34:28 +0200
Subject: s3-build: remove duplicate svcctl bits and re-run make samba3-idl.

Guenther
---
 source3/include/rpc_secdes.h    | 70 -----------------------------------------
 source3/librpc/gen_ndr/svcctl.h |  8 +++++
 2 files changed, 8 insertions(+), 70 deletions(-)

diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 71fba41fe9..fb73498b0d 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -385,76 +385,6 @@ struct standard_mapping {
 		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
 		SA_RIGHT_ALIAS_LOOKUP_INFO )	/* 0x00020008 */
 
-/*
- * Acces bits for the svcctl objects
- */
-
-/* Service Control Manager Bits */ 
-
-#if 0
-#define SC_RIGHT_MGR_CONNECT			0x0001
-#define SC_RIGHT_MGR_CREATE_SERVICE		0x0002
-#define SC_RIGHT_MGR_ENUMERATE_SERVICE		0x0004
-#define SC_RIGHT_MGR_LOCK			0x0008
-#define SC_RIGHT_MGR_QUERY_LOCK_STATUS		0x0010
-#define SC_RIGHT_MGR_MODIFY_BOOT_CONFIG		0x0020
-
-#endif
-
-#define SC_MANAGER_READ_ACCESS \
-	( STANDARD_RIGHTS_READ_ACCESS		| \
-	  SC_RIGHT_MGR_CONNECT			| \
-	  SC_RIGHT_MGR_ENUMERATE_SERVICE	| \
-	  SC_RIGHT_MGR_QUERY_LOCK_STATUS )
-
-#define SC_MANAGER_EXECUTE_ACCESS SC_MANAGER_READ_ACCESS
-
-#define SC_MANAGER_WRITE_ACCESS \
-	( STANDARD_RIGHTS_REQUIRED_ACCESS	| \
-	  SC_MANAGER_READ_ACCESS		| \
-	  SC_RIGHT_MGR_CREATE_SERVICE		| \
-	  SC_RIGHT_MGR_LOCK			| \
-	  SC_RIGHT_MGR_MODIFY_BOOT_CONFIG )
-
-#define SC_MANAGER_ALL_ACCESS SC_MANAGER_WRITE_ACCESS
-
-/* Service Object Bits */
-
-#if 0
-#define SC_RIGHT_SVC_QUERY_CONFIG		0x0001
-#define SC_RIGHT_SVC_CHANGE_CONFIG		0x0002
-#define SC_RIGHT_SVC_QUERY_STATUS		0x0004
-#define SC_RIGHT_SVC_ENUMERATE_DEPENDENTS	0x0008
-#define SC_RIGHT_SVC_START			0x0010
-#define SC_RIGHT_SVC_STOP			0x0020
-#define SC_RIGHT_SVC_PAUSE_CONTINUE		0x0040
-#define SC_RIGHT_SVC_INTERROGATE		0x0080
-#define SC_RIGHT_SVC_USER_DEFINED_CONTROL	0x0100
-
-#endif
-
-#define SERVICE_READ_ACCESS \
-	( STANDARD_RIGHTS_READ_ACCESS		| \
-	  SC_RIGHT_SVC_ENUMERATE_DEPENDENTS	| \
-	  SC_RIGHT_SVC_INTERROGATE		| \
-	  SC_RIGHT_SVC_QUERY_CONFIG		| \
-	  SC_RIGHT_SVC_QUERY_STATUS		| \
-	  SC_RIGHT_SVC_USER_DEFINED_CONTROL )
-
-#define SERVICE_EXECUTE_ACCESS \
-	( SERVICE_READ_ACCESS 			| \
-	  SC_RIGHT_SVC_START			| \
-	  SC_RIGHT_SVC_STOP			| \
-	  SC_RIGHT_SVC_PAUSE_CONTINUE )
-
-#define SERVICE_WRITE_ACCESS \
-	( STANDARD_RIGHTS_REQUIRED_ACCESS	| \
-	  SERVICE_READ_ACCESS			| \
-	  SERVICE_EXECUTE_ACCESS		| \
-	  SC_RIGHT_SVC_CHANGE_CONFIG )
-
-#define SERVICE_ALL_ACCESS SERVICE_WRITE_ACCESS
-
 /*
  * Access Bits for registry ACLS
  */
diff --git a/source3/librpc/gen_ndr/svcctl.h b/source3/librpc/gen_ndr/svcctl.h
index 42ed039784..5da69794d2 100644
--- a/source3/librpc/gen_ndr/svcctl.h
+++ b/source3/librpc/gen_ndr/svcctl.h
@@ -18,6 +18,14 @@
 #define SERVICE_STATE_INACTIVE	( 0x02 )
 #define SERVICE_STATE_ALL	( 0x03 )
 #define SV_TYPE_ALL	( 0xFFFFFFFF )
+#define SC_MANAGER_READ_ACCESS	( (STANDARD_RIGHTS_READ_ACCESS|SC_RIGHT_MGR_CONNECT|SC_RIGHT_MGR_ENUMERATE_SERVICE|SC_RIGHT_MGR_QUERY_LOCK_STATUS) )
+#define SC_MANAGER_EXECUTE_ACCESS	( SC_MANAGER_READ_ACCESS )
+#define SC_MANAGER_WRITE_ACCESS	( (STANDARD_RIGHTS_REQUIRED_ACCESS|SC_MANAGER_READ_ACCESS|SC_RIGHT_MGR_CREATE_SERVICE|SC_RIGHT_MGR_LOCK|SC_RIGHT_MGR_MODIFY_BOOT_CONFIG) )
+#define SC_MANAGER_ALL_ACCESS	( SC_MANAGER_WRITE_ACCESS )
+#define SERVICE_READ_ACCESS	( (STANDARD_RIGHTS_READ_ACCESS|SC_RIGHT_SVC_ENUMERATE_DEPENDENTS|SC_RIGHT_SVC_INTERROGATE|SC_RIGHT_SVC_QUERY_CONFIG|SC_RIGHT_SVC_QUERY_STATUS|SC_RIGHT_SVC_USER_DEFINED_CONTROL) )
+#define SERVICE_EXECUTE_ACCESS	( (SERVICE_READ_ACCESS|SC_RIGHT_SVC_START|SC_RIGHT_SVC_STOP|SC_RIGHT_SVC_PAUSE_CONTINUE) )
+#define SERVICE_WRITE_ACCESS	( (STANDARD_RIGHTS_REQUIRED_ACCESS|SERVICE_READ_ACCESS|SERVICE_EXECUTE_ACCESS|SC_RIGHT_SVC_CHANGE_CONFIG) )
+#define SERVICE_ALL_ACCESS	( SERVICE_WRITE_ACCESS )
 struct SERVICE_LOCK_STATUS {
 	uint32_t is_locked;
 	const char *lock_owner;/* [unique,charset(UTF16)] */
-- 
cgit