r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
[samba.git] / source3 / include / rpc_secdes.h
index 4bb39dc935640b93b8d318299a672d972c02c419..2ac60bd9b12b3336ac4514e96cf120bb257ec0ec 100644 (file)
 #ifndef _RPC_SECDES_H /* _RPC_SECDES_H */
 #define _RPC_SECDES_H 
 
-#define SEC_RIGHTS_QUERY_VALUE         0x00000001
-#define SEC_RIGHTS_SET_VALUE           0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY       0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS                0x00000008
-#define SEC_RIGHTS_NOTIFY              0x00000010
-#define SEC_RIGHTS_CREATE_LINK         0x00000020
-#define SEC_RIGHTS_READ                        0x00020019
-#define SEC_RIGHTS_FULL_CONTROL                0x000f003f
-#define SEC_RIGHTS_MAXIMUM_ALLOWED     0x02000000
-
 /* for ADS */
 #define        SEC_RIGHTS_LIST_CONTENTS        0x4
 #define SEC_RIGHTS_LIST_OBJECT         0x80
 #define SEC_ACE_OBJECT_PRESENT           0x00000001 /* thanks for Jim McDonough <jmcd@us.ibm.com> */
 #define SEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002
 
-#define SEC_ACE_FLAG_OBJECT_INHERIT            0x1
-#define SEC_ACE_FLAG_CONTAINER_INHERIT         0x2
-#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT      0x4
-#define SEC_ACE_FLAG_INHERIT_ONLY              0x8
-#define SEC_ACE_FLAG_INHERITED_ACE             0x10 /* New for Windows 2000 */
-#define SEC_ACE_FLAG_VALID_INHERIT             0xf
-#define SEC_ACE_FLAG_SUCCESSFUL_ACCESS         0x40
-#define SEC_ACE_FLAG_FAILED_ACCESS             0x80
-
-#define SEC_ACE_TYPE_ACCESS_ALLOWED            0x0
-#define SEC_ACE_TYPE_ACCESS_DENIED             0x1
-#define SEC_ACE_TYPE_SYSTEM_AUDIT              0x2
-#define SEC_ACE_TYPE_SYSTEM_ALARM              0x3
-#define SEC_ACE_TYPE_ALLOWED_COMPOUND          0x4
-#define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT     0x5
-#define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT      0x6
-#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT       0x7
-#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT       0x8
-
-#define SEC_DESC_OWNER_DEFAULTED       0x0001
-#define SEC_DESC_GROUP_DEFAULTED       0x0002
-#define SEC_DESC_DACL_PRESENT          0x0004
-#define SEC_DESC_DACL_DEFAULTED                0x0008
-#define SEC_DESC_SACL_PRESENT          0x0010
-#define SEC_DESC_SACL_DEFAULTED                0x0020
-#define SEC_DESC_DACL_TRUSTED          0x0040
-#define SEC_DESC_SERVER_SECURITY       0x0080
 /*
  * New Windows 2000 bits.
  */
 #define SE_DESC_DACL_PROTECTED         0x1000
 #define SE_DESC_SACL_PROTECTED         0x2000
 
-/* Don't know what this means. */
-#define SEC_DESC_RM_CONTROL_VALID      0x4000
-
-#define SEC_DESC_SELF_RELATIVE         0x8000
-
 /* security information */
 #define OWNER_SECURITY_INFORMATION     0x00000001
 #define GROUP_SECURITY_INFORMATION     0x00000002
                                        PROTECTED_SACL_SECURITY_INFORMATION|\
                                        PROTECTED_DACL_SECURITY_INFORMATION)
 
-/* Globally Unique ID */
-#define  GUID_SIZE 16
-typedef struct guid_info
-{
-       uint8 info[GUID_SIZE];
-} GUID;
-
 /* SEC_ACCESS */
 typedef struct security_info_info
 {
@@ -151,10 +102,6 @@ typedef struct security_ace_info
 #define ACL_REVISION 0x3
 #endif
 
-#ifndef NT4_ACL_REVISION
-#define NT4_ACL_REVISION 0x2
-#endif
-
 #ifndef _SEC_ACL
 /* SEC_ACL */
 typedef struct security_acl_info
@@ -258,7 +205,10 @@ typedef struct standard_mapping {
 #define STANDARD_RIGHTS_ALL_ACCESS     STD_RIGHT_ALL_ACCESS /* 0x001f0000 */
 #define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
 #define STANDARD_RIGHTS_READ_ACCESS    STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_WRITE_ACCESS   STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
+#define STANDARD_RIGHTS_WRITE_ACCESS \
+               (STD_RIGHT_WRITE_OWNER_ACCESS   | \
+                STD_RIGHT_WRITE_DAC_ACCESS     | \
+                STD_RIGHT_DELETE_ACCESS)       /* 0x000d0000 */
 #define STANDARD_RIGHTS_REQUIRED_ACCESS \
                (STD_RIGHT_DELETE_ACCESS        | \
                STD_RIGHT_READ_CONTROL_ACCESS   | \
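Review bot: The new `STANDARD_RIGHTS_WRITE_ACCESS` folds `STD_RIGHT_WRITE_DAC_ACCESS`, `STD_RIGHT_WRITE_OWNER_ACCESS` and `STD_RIGHT_DELETE_ACCESS` into every mask built on it, so any principal granted a "write" mask can also rewrite the DACL, take ownership or delete the object. Within this diff that covers `GENERIC_RIGHTS_USER_WRITE` and the newly added `REG_KEY_WRITE`; other users of the macro lie outside the visible hunks. Windows defines STANDARD_RIGHTS_WRITE as READ_CONTROL only, which the removed line mirrored, and the new value no longer contains READ_CONTROL at all. If the widening is deliberate, it should be documented at the definition, e.g. `/* NOTE: wider than Windows STANDARD_RIGHTS_WRITE (READ_CONTROL); includes WRITE_DAC, WRITE_OWNER and DELETE */`. Otherwise keep the old value and OR the three bits only into the specific masks that need them.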
@@ -408,7 +358,10 @@ typedef struct standard_mapping {
 #define GENERIC_RIGHTS_USER_WRITE \
                (STANDARD_RIGHTS_WRITE_ACCESS   | \
                SA_RIGHT_USER_CHANGE_PASSWORD   | \
-               SA_RIGHT_USER_SET_LOC_COM)      /* 0x00020044 */
+               SA_RIGHT_USER_SET_LOC_COM       | \
+               SA_RIGHT_USER_SET_ATTRIBUTES    | \
+               SA_RIGHT_USER_SET_PASSWORD      | \
+               SA_RIGHT_USER_CHANGE_GROUP_MEM) /* 0x000204e4 */
 
 #define GENERIC_RIGHTS_USER_EXECUTE \
                (STANDARD_RIGHTS_EXECUTE_ACCESS | \
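Review bot: The value comment `/* 0x000204e4 */` on the new `GENERIC_RIGHTS_USER_WRITE` does not match what the macro now expands to. Its `0x0002` high half assumes `STANDARD_RIGHTS_WRITE_ACCESS` is still 0x00020000, but the previous hunk of this same commit redefines it as 0x000d0000. Assuming the `SA_RIGHT_USER_*` bits (defined outside the hunk) sum to 0x04e4 as the comment implies, the last line should read `SA_RIGHT_USER_CHANGE_GROUP_MEM) /* 0x000d04e4 */`. These hex comments are what a reader compares against an access mask in a trace or ACE dump, so a stale one hides the fact that user write now carries WRITE_DAC, WRITE_OWNER and DELETE.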
@@ -473,4 +426,105 @@ typedef struct standard_mapping {
                (STANDARD_RIGHTS_EXECUTE_ACCESS | \
                SA_RIGHT_ALIAS_LOOKUP_INFO )    /* 0x00020008 */
 
+/*
+ * Acces bits for the svcctl objects
+ */
+
+/* Service Control Manager Bits */ 
+
+#define SC_RIGHT_MGR_CONNECT                   0x0001
+#define SC_RIGHT_MGR_CREATE_SERVICE            0x0002
+#define SC_RIGHT_MGR_ENUMERATE_SERVICE         0x0004
+#define SC_RIGHT_MGR_LOCK                      0x0008
+#define SC_RIGHT_MGR_QUERY_LOCK_STATUS         0x0010
+#define SC_RIGHT_MGR_MODIFY_BOOT_CONFIG                0x0020
+
+#define SC_MANAGER_READ_ACCESS \
+       ( STANDARD_RIGHTS_READ_ACCESS           | \
+         SC_RIGHT_MGR_CONNECT                  | \
+         SC_RIGHT_MGR_ENUMERATE_SERVICE        | \
+         SC_RIGHT_MGR_QUERY_LOCK_STATUS )
+
+#define SC_MANAGER_EXECUTE_ACCESS SC_MANAGER_READ_ACCESS
+
+#define SC_MANAGER_WRITE_ACCESS \
+       ( STANDARD_RIGHTS_REQUIRED_ACCESS       | \
+         SC_MANAGER_READ_ACCESS                | \
+         SC_RIGHT_MGR_CREATE_SERVICE           | \
+         SC_RIGHT_MGR_LOCK                     | \
+         SC_RIGHT_MGR_MODIFY_BOOT_CONFIG )
+
+#define SC_MANAGER_ALL_ACCESS SC_MANAGER_WRITE_ACCESS
+
+/* Service Object Bits */ 
+
+#define SC_RIGHT_SVC_QUERY_CONFIG              0x0001
+#define SC_RIGHT_SVC_CHANGE_CONFIG             0x0002
+#define SC_RIGHT_SVC_QUERY_STATUS              0x0004
+#define SC_RIGHT_SVC_ENUMERATE_DEPENDENTS      0x0008
+#define SC_RIGHT_SVC_START                     0x0010
+#define SC_RIGHT_SVC_STOP                      0x0020
+#define SC_RIGHT_SVC_PAUSE_CONTINUE            0x0040
+#define SC_RIGHT_SVC_INTERROGATE               0x0080
+#define SC_RIGHT_SVC_USER_DEFINED_CONTROL      0x0100
+
+#define SERVICE_READ_ACCESS \
+       ( STANDARD_RIGHTS_READ_ACCESS           | \
+         SC_RIGHT_SVC_ENUMERATE_DEPENDENTS     | \
+         SC_RIGHT_SVC_INTERROGATE              | \
+         SC_RIGHT_SVC_QUERY_CONFIG             | \
+         SC_RIGHT_SVC_QUERY_STATUS             | \
+         SC_RIGHT_SVC_USER_DEFINED_CONTROL )
+
+#define SERVICE_EXECUTE_ACCESS \
+       ( SERVICE_READ_ACCESS                   | \
+         SC_RIGHT_SVC_START                    | \
+         SC_RIGHT_SVC_STOP                     | \
+         SC_RIGHT_SVC_PAUSE_CONTINUE )
+
+#define SERVICE_WRITE_ACCESS \
+       ( STANDARD_RIGHTS_REQUIRED_ACCESS       | \
+         SERVICE_READ_ACCESS                   | \
+         SERVICE_EXECUTE_ACCESS                | \
+         SC_RIGHT_SVC_CHANGE_CONFIG )
+
+#define SERVICE_ALL_ACCESS SERVICE_WRITE_ACCESS
+
+          
+
+/*
+ * Access Bits for registry ACLS
+ */
+
+/* used by registry ACLs */
+
+#define SEC_RIGHTS_QUERY_VALUE         0x00000001
+#define SEC_RIGHTS_SET_VALUE           0x00000002
+#define SEC_RIGHTS_CREATE_SUBKEY       0x00000004
+#define SEC_RIGHTS_ENUM_SUBKEYS                0x00000008
+#define SEC_RIGHTS_NOTIFY              0x00000010
+#define SEC_RIGHTS_CREATE_LINK         0x00000020
+#define SEC_RIGHTS_MAXIMUM_ALLOWED     0x02000000
+
+
+#define REG_KEY_READ \
+       ( STANDARD_RIGHTS_READ_ACCESS           |\
+         SEC_RIGHTS_QUERY_VALUE                |\
+         SEC_RIGHTS_ENUM_SUBKEYS               |\
+         SEC_RIGHTS_NOTIFY )
+         
+#define REG_KEY_EXECUTE        REG_KEY_READ
+
+#define REG_KEY_WRITE \
+       ( STANDARD_RIGHTS_WRITE_ACCESS          |\
+         SEC_RIGHTS_SET_VALUE                  |\
+         SEC_RIGHTS_CREATE_SUBKEY )
+
+#define REG_KEY_ALL \
+       ( STANDARD_RIGHTS_REQUIRED_ACCESS       |\
+         REG_KEY_READ                          |\
+         REG_KEY_WRITE                         |\
+         SEC_RIGHTS_CREATE_LINK )
+
+
 #endif /* _RPC_SECDES_H */
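Review bot: `SERVICE_WRITE_ACCESS` and `SC_MANAGER_WRITE_ACCESS` are full-control masks under another name: each ORs in `STANDARD_RIGHTS_REQUIRED_ACCESS` plus the read set (and, for services, the execute set), and the `*_ALL_ACCESS` macros are plain aliases of them. Any ACE or generic mapping that grants "write" on a service or the SCM therefore also grants start/stop, delete and whatever else `STANDARD_RIGHTS_REQUIRED_ACCESS` carries (its definition continues outside the hunks shown). I would keep write narrow and give all-access its own union, e.g. `#define SERVICE_WRITE_ACCESS ( STANDARD_RIGHTS_WRITE_ACCESS | SC_RIGHT_SVC_CHANGE_CONFIG )` and `#define SERVICE_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS | SERVICE_READ_ACCESS | SERVICE_EXECUTE_ACCESS | SC_RIGHT_SVC_CHANGE_CONFIG )`, with the same split for the SC_MANAGER pair. `SC_RIGHT_SVC_USER_DEFINED_CONTROL` in `SERVICE_READ_ACCESS` also deserves a second look: sending a control code to a service is an action rather than a query, so it fits better in `SERVICE_EXECUTE_ACCESS`.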