From fdc9f417d89fdf9dd6afbc22843d70585e195c9d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Nov 2004 04:33:27 +0000 Subject: r4011: get rid of rpc_secdes.h and replace it with a single sane set of definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d) --- source4/librpc/idl/security.idl | 94 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) (limited to 'source4/librpc/idl/security.idl') diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl index 9625153ec1..817b57a780 100644 --- a/source4/librpc/idl/security.idl +++ b/source4/librpc/idl/security.idl 
@@ -6,6 +6,90 @@ interface security { + /* + access masks are divided up like this: + 0xabccdddd + where + a = generic rights bits SEC_GENERIC_ + b = flags SEC_FLAG_ + c = standard rights bits SEC_STD_ + d = object type specific bits SEC_{FILE,DIR,REG,xxx}_ + + common combinations of bits are prefixed with SEC_RIGHTS_ + */ + const int SEC_MASK_GENERIC = 0xF0000000; + const int SEC_MASK_FLAGS = 0x0F000000; + const int SEC_MASK_STANDARD = 0x00FF0000; + const int SEC_MASK_SPECIFIC = 0x0000FFFF; + + /* generic bits */ + const int SEC_GENERIC_ALL = 0x10000000; + const int SEC_GENERIC_EXECUTE = 0x20000000; + const int SEC_GENERIC_WRITE = 0x40000000; + const int SEC_GENERIC_READ = 0x80000000; + + /* flag bits */ + const int SEC_FLAG_SYSTEM_SECURITY = 0x01000000; + const int SEC_FLAG_MAXIMUM_ALLOWED = 0x02000000; + + /* standard bits */ + const int SEC_STD_DELETE = 0x00010000; + const int SEC_STD_READ_CONTROL = 0x00020000; + const int SEC_STD_WRITE_DAC = 0x00040000; + const int SEC_STD_WRITE_OWNER = 0x00080000; + const int SEC_STD_SYNCHRONIZE = 0x00100000; + const int SEC_STD_REQUIRED = 0x000F0000; + const int SEC_STD_ALL = 0x001F0000; + + /* file specific bits */ + const int SEC_FILE_READ_DATA = 0x00000001; + const int SEC_FILE_WRITE_DATA = 0x00000002; + const int SEC_FILE_APPEND_DATA = 0x00000004; + const int SEC_FILE_READ_EA = 0x00000008; + const int SEC_FILE_WRITE_EA = 0x00000010; + const int SEC_FILE_EXECUTE = 0x00000020; + const int SEC_FILE_READ_ATTRIBUTE = 0x00000080; + const int SEC_FILE_WRITE_ATTRIBUTE = 0x00000100; + const int SEC_FILE_ALL = 0x000001ff; + + /* directory specific bits */ + const int SEC_DIR_LIST = 0x00000001; + const int SEC_DIR_ADD_FILE = 0x00000002; + const int SEC_DIR_ADD_SUBDIR = 0x00000004; + const int SEC_DIR_READ_EA = 0x00000008; + const int SEC_DIR_WRITE_EA = 0x00000010; + const int SEC_DIR_TRAVERSE = 0x00000020; + const int SEC_DIR_DELETE_CHILD = 0x00000040; + const int SEC_DIR_READ_ATTRIBUTE = 0x00000080; + const int 
SEC_DIR_WRITE_ATTRIBUTE = 0x00000100; + + /* registry entry specific bits */ + const int SEC_REG_QUERY_VALUE = 0x00000001; + const int SEC_REG_SET_VALUE = 0x00000002; + const int SEC_REG_CREATE_SUBKEY = 0x00000004; + const int SEC_REG_ENUM_SUBKEYS = 0x00000008; + const int SEC_REG_NOTIFY = 0x00000010; + const int SEC_REG_CREATE_LINK = 0x00000020; + + /* common combinations of bits */ + const int SEC_RIGHTS_FULL_CONTROL = SEC_STD_ALL | SEC_FILE_ALL; + + const int SEC_RIGHTS_FILE_READ = SEC_STD_READ_CONTROL | + SEC_STD_SYNCHRONIZE | + SEC_FILE_READ_DATA | + SEC_FILE_READ_ATTRIBUTE | + SEC_FILE_READ_EA; + + const int SEC_RIGHTS_FILE_WRITE = SEC_STD_READ_CONTROL | + SEC_STD_SYNCHRONIZE | + SEC_FILE_WRITE_DATA | + SEC_FILE_WRITE_ATTRIBUTE | + SEC_FILE_WRITE_EA | + SEC_FILE_APPEND_DATA; + + const int SEC_RIGHTS_MAXIMUM_ALLOWED = SEC_FLAG_MAXIMUM_ALLOWED; + + /* a NULL sid */ const string SID_NULL = "S-1-0-0"; @@ -83,6 +167,8 @@ interface security dom_sid trustee; } security_ace; + const int NT4_ACL_REVISION = 0x2; + typedef [public] struct { uint16 revision; [value(ndr_size_security_acl(r))] uint16 size; @@ -111,6 +197,14 @@ interface security const int SEC_DESC_RM_CONTROL_VALID = 0x4000; const int SEC_DESC_SELF_RELATIVE = 0x8000; + /* bits that determine which parts of a security descriptor + are being queried/set */ + const int SECINFO_OWNER = 0x00000001; + const int SECINFO_GROUP = 0x00000002; + const int SECINFO_DACL = 0x00000004; + const int SECINFO_SACL = 0x00000008; + + typedef [public,flag(NDR_LITTLE_ENDIAN)] struct { uint8 revision; uint16 type; /* SEC_DESC_xxxx flags */ -- cgit
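Review bot: `SEC_MASK_GENERIC = 0xF0000000` and `SEC_GENERIC_READ = 0x80000000` in the first hunk do not fit in a signed 32-bit int, yet every constant in this block is declared `const int`; if pidl ever emits these as typed C constants rather than bare `#define`s they become negative, and a signed comparison, right shift or widening against a uint32 access_mask will then misbehave. Declaring the whole set as `const uint32 SEC_MASK_GENERIC = 0xF0000000;` (and likewise for the rest) removes that ambiguity at no cost. The header comment should also say that the `a` and `b` nibbles are request-only bits: SEC_GENERIC_* must be mapped to standard/specific rights according to the object type (the same bit means READ_DATA on a file and LIST on a directory) and SEC_FLAG_MAXIMUM_ALLOWED must be resolved before a requested mask is compared with ACE masks, e.g. `/* generic and flag bits appear only in requested masks; map/strip them before any ACE comparison */`. The `interface security` body this hunk belongs to continues past the hunk.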
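Review bot: SECINFO_SACL in the last hunk is not a peer of the other three bits and the new comment does not say so: on Windows, querying or setting the SACL requires the handle to carry the SEC_FLAG_SYSTEM_SECURITY access bit defined earlier in this patch, which is itself privileged, so a caller combining SECINFO_SACL with an ordinary read/write mask should expect access denied and a server that presumably honours it without that check would expose audit policy. A one-line comment such as `/* SECINFO_SACL requires SEC_FLAG_SYSTEM_SECURITY on the handle */` above the definition would record this. The security_descriptor struct this hunk ends in continues outside the hunk.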