From 3eb52c6cd61ae8117f3380050c0ef3be8ff841b4 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Wed, 24 Aug 2005 11:01:10 +0000
Subject: r9574: - made the sec_info fields in lsa and samr use a IDL bitmap

- fixed winreg_GetKeySecurity() to use a sec_info field correctly

- simplied the winreg torture code, removing the separate opens for
  each hive

- added torture cleanup code in winreg test

- added 'create with security descriptor' in the winreg torture test
(This used to be commit f20695decd587f7b6bbdbd4861441bd19ab85078)
---
 source4/librpc/idl/lsa.idl      |  4 +++-
 source4/librpc/idl/samr.idl     |  6 ++++--
 source4/librpc/idl/security.idl | 16 +++++++++-------
 source4/librpc/idl/winreg.idl   | 12 ++++++++++--
 4 files changed, 26 insertions(+), 12 deletions(-)

(limited to 'source4/librpc/idl')

diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index 63c7bad05c..83251b37db 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -13,6 +13,8 @@
   depends(security)
 ] interface lsarpc
 {
+	declare bitmap security_secinfo;
+
 	typedef [public,noejs] struct {
 		[value(2*strlen_m(string))] uint16 length;
 		[value(2*strlen_m(string))] uint16 size;
@@ -79,7 +81,7 @@
 
 	NTSTATUS lsa_QuerySecurity (
 		[in,ref]     policy_handle *handle,
-		[in]         uint32 sec_info,
+		[in]         security_secinfo sec_info,
 		[out]        sec_desc_buf *sdbuf
 		);
 
diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl
index 0d3e49ff36..3ca7d1bd06 100644
--- a/source4/librpc/idl/samr.idl
+++ b/source4/librpc/idl/samr.idl
@@ -16,6 +16,8 @@
   depends(lsa,security)
 ] interface samr
 {
+	declare bitmap security_secinfo;
+
 	/* account control (acct_flags) bits */
 	typedef [public,bitmap32bit] bitmap {
 		ACB_DISABLED  = 0x00000001,  /* 1 = User account disabled */
@@ -52,7 +54,7 @@
 
 	NTSTATUS samr_SetSecurity (
 		[in,ref]          policy_handle *handle,
-		[in]              uint32 sec_info,
+		[in]              security_secinfo sec_info,
 		[in,ref]          sec_desc_buf *sdbuf
 		);
 
@@ -61,7 +63,7 @@
 
 	NTSTATUS samr_QuerySecurity (
 		[in,ref]          policy_handle *handle,
-		[in]              uint32 sec_info,
+		[in]              security_secinfo sec_info,
 		[out]             sec_desc_buf *sdbuf
 		);
 
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index dd502b178f..cbdfba1ffb 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -297,13 +297,6 @@ interface security
 		SEC_DESC_SELF_RELATIVE		= 0x8000
 	} security_descriptor_type;
 
-	/* bits that determine which parts of a security descriptor
-	   are being queried/set */
-	const int SECINFO_OWNER                = 0x00000001;
-	const int SECINFO_GROUP                = 0x00000002;
-	const int SECINFO_DACL                 = 0x00000004;
-	const int SECINFO_SACL                 = 0x00000008;
-
 	typedef [public,flag(NDR_LITTLE_ENDIAN)] struct {
 		security_descriptor_revision revision;
 		security_descriptor_type type;     /* SEC_DESC_xxxx flags */
@@ -325,4 +318,13 @@ interface security
 		[size_is(num_sids)] dom_sid *sids[*];
 		udlong privilege_mask;
 	} security_token;
+
+	/* bits that determine which parts of a security descriptor
+	   are being queried/set */
+	typedef [public,bitmap32bit] bitmap {
+		SECINFO_OWNER                = 0x00000001,
+		SECINFO_GROUP                = 0x00000002,
+		SECINFO_DACL                 = 0x00000004,
+		SECINFO_SACL                 = 0x00000008
+	} security_secinfo;
 }
diff --git a/source4/librpc/idl/winreg.idl b/source4/librpc/idl/winreg.idl
index a6e2d53286..f29d3f6268 100644
--- a/source4/librpc/idl/winreg.idl
+++ b/source4/librpc/idl/winreg.idl
@@ -14,6 +14,8 @@
   depends(lsa,initshutdown)
 ] interface winreg
 {
+	declare bitmap security_secinfo;
+
 	typedef [v1_enum] enum {
 		REG_NONE                       = 0,
 		REG_SZ                         = 1,
@@ -96,6 +98,12 @@
 		bool8  inherit;
 	} winreg_SecBuf;
 
+	typedef [v1_enum] enum {
+		REG_ACTION_NONE         = 0, /* used by caller */
+		REG_CREATED_NEW_KEY     = 1,
+		REG_OPENED_EXISTING_KEY = 2
+	} winreg_CreateAction;
+
 	WERROR winreg_CreateKey(
 		[in,ref] policy_handle *handle,
 		[in] winreg_String name,
@@ -104,7 +112,7 @@
 		[in] uint32 access_required,
 		[in,unique] winreg_SecBuf *secdesc,
 		[out,ref] policy_handle *new_handle,
-		[in,out,unique] uint32 *action_taken
+		[in,out,unique] winreg_CreateAction *action_taken
 	);
 
 	/******************/
@@ -161,7 +169,7 @@
 	/* Function: 0x0c */
 	WERROR winreg_GetKeySecurity(
 		[in,ref] policy_handle *handle,
-		[in] uint32 access_mask,
+		[in] security_secinfo sec_info,
 		[in,out,ref] KeySecurityData *sd
 	);
 
-- 
cgit