From 1f9d06a1b0ff787db46af25bf68f194a08ac6c8e Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Tue, 27 Oct 2009 15:28:06 +0100
Subject: lsa: add LSA_TRUSTED_DOMAIN access masks.

Guenther
---
 librpc/gen_ndr/lsa.h |  4 ++++
 librpc/idl/lsa.idl   | 29 +++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)

(limited to 'librpc')

diff --git a/librpc/gen_ndr/lsa.h b/librpc/gen_ndr/lsa.h
index ccd4e2eca9..a0af571283 100644
--- a/librpc/gen_ndr/lsa.h
+++ b/librpc/gen_ndr/lsa.h
@@ -21,6 +21,10 @@
 #define LSA_SECRET_READ	( (LSA_SECRET_QUERY_VALUE|STANDARD_RIGHTS_READ_ACCESS) )
 #define LSA_SECRET_WRITE	( (LSA_SECRET_SET_VALUE|STANDARD_RIGHTS_READ_ACCESS) )
 #define LSA_SECRET_EXECUTE	( (STANDARD_RIGHTS_READ_ACCESS) )
+#define LSA_TRUSTED_DOMAIN_ALL_ACCESS	( (LSA_TRUSTED_QUERY_DOMAIN_NAME|LSA_TRUSTED_QUERY_CONTROLLERS|LSA_TRUSTED_SET_CONTROLLERS|LSA_TRUSTED_QUERY_POSIX|LSA_TRUSTED_SET_POSIX|LSA_TRUSTED_SET_AUTH|LSA_TRUSTED_QUERY_AUTH|SEC_STD_DELETE|STANDARD_RIGHTS_READ_ACCESS|SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER) )
+#define LSA_TRUSTED_DOMAIN_READ	( (LSA_TRUSTED_QUERY_DOMAIN_NAME|STANDARD_RIGHTS_READ_ACCESS) )
+#define LSA_TRUSTED_DOMAIN_WRITE	( (LSA_TRUSTED_SET_CONTROLLERS|LSA_TRUSTED_SET_POSIX|LSA_TRUSTED_SET_AUTH|STANDARD_RIGHTS_READ_ACCESS) )
+#define LSA_TRUSTED_DOMAIN_EXECUTE	( (LSA_TRUSTED_QUERY_DOMAIN_NAME|LSA_TRUSTED_QUERY_POSIX|STANDARD_RIGHTS_READ_ACCESS) )
 #define LSA_ENUM_TRUST_DOMAIN_MULTIPLIER	( 60 )
 #define LSA_REF_DOMAIN_LIST_MULTIPLIER	( 32 )
 #define LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER	( 82 )
diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl
index ed95b919f9..a893786afa 100644
--- a/librpc/idl/lsa.idl
+++ b/librpc/idl/lsa.idl
@@ -242,6 +242,35 @@ import "misc.idl", "security.idl";
 		LSA_TRUSTED_QUERY_AUTH			= 0x00000040
 	} lsa_TrustedAccessMask;
 
+	const int LSA_TRUSTED_DOMAIN_ALL_ACCESS =
+		(LSA_TRUSTED_QUERY_DOMAIN_NAME |
+		 LSA_TRUSTED_QUERY_CONTROLLERS |
+		 LSA_TRUSTED_SET_CONTROLLERS |
+		 LSA_TRUSTED_QUERY_POSIX |
+		 LSA_TRUSTED_SET_POSIX |
+		 LSA_TRUSTED_SET_AUTH |
+		 LSA_TRUSTED_QUERY_AUTH |
+		 SEC_STD_DELETE |
+		 STANDARD_RIGHTS_READ_ACCESS |
+		 SEC_STD_WRITE_DAC |
+		 SEC_STD_WRITE_OWNER); /* 0x000F007F */
+
+	const int LSA_TRUSTED_DOMAIN_READ =
+		(LSA_TRUSTED_QUERY_DOMAIN_NAME |
+		 STANDARD_RIGHTS_READ_ACCESS); /* 0x00020001 */
+
+	const int LSA_TRUSTED_DOMAIN_WRITE =
+		(LSA_TRUSTED_SET_CONTROLLERS |
+		 LSA_TRUSTED_SET_POSIX |
+		 LSA_TRUSTED_SET_AUTH |
+		 STANDARD_RIGHTS_READ_ACCESS); /* 0x00020034 */
+
+	const int LSA_TRUSTED_DOMAIN_EXECUTE =
+		(LSA_TRUSTED_QUERY_DOMAIN_NAME |
+		 LSA_TRUSTED_QUERY_POSIX |
+		 STANDARD_RIGHTS_READ_ACCESS); /* 0x0002000C */
+
+
 	/* notice the screwup with the system_name - thats why MS created
 	   OpenPolicy2 */
 	[public] NTSTATUS lsa_OpenPolicy (
-- 
cgit