2 Unix SMB/CIFS implementation.
3 SMB parameters and setup
4 Copyright (C) Andrew Tridgell 1992-2000
5 Copyright (C) Luke Kenneth Casson Leighton 1996-2000
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 typedef struct security_descriptor SEC_DESC;
24 #ifndef _RPC_SECDES_H /* _RPC_SECDES_H */
27 #define SEC_RIGHTS_QUERY_VALUE 0x00000001
28 #define SEC_RIGHTS_SET_VALUE 0x00000002
29 #define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
30 #define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
31 #define SEC_RIGHTS_NOTIFY 0x00000010
32 #define SEC_RIGHTS_CREATE_LINK 0x00000020
33 #define SEC_RIGHTS_READ 0x00020019
34 #define SEC_RIGHTS_FULL_CONTROL 0x000f003f
35 #define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
38 #define SEC_RIGHTS_LIST_CONTENTS 0x4
39 #define SEC_RIGHTS_LIST_OBJECT 0x80
40 #define SEC_RIGHTS_READ_ALL_PROP 0x10
41 #define SEC_RIGHTS_READ_PERMS 0x20000
42 #define SEC_RIGHTS_WRITE_ALL_VALID 0x8
43 #define SEC_RIGHTS_WRITE_ALL_PROP 0x20
44 #define SEC_RIGHTS_MODIFY_OWNER 0x80000
45 #define SEC_RIGHTS_MODIFY_PERMS 0x40000
46 #define SEC_RIGHTS_CREATE_CHILD 0x1
47 #define SEC_RIGHTS_DELETE_CHILD 0x2
48 #define SEC_RIGHTS_DELETE_SUBTREE 0x40
49 #define SEC_RIGHTS_DELETE 0x10000 /* advanced/special/object/delete */
50 #define SEC_RIGHTS_EXTENDED 0x100 /* change/reset password, receive/send as*/
51 #define SEC_RIGHTS_CHANGE_PASSWD SEC_RIGHTS_EXTENDED
52 #define SEC_RIGHTS_RESET_PASSWD SEC_RIGHTS_EXTENDED
53 #define SEC_RIGHTS_FULL_CTRL 0xf01ff
55 #define SEC_ACE_OBJECT_PRESENT 0x00000001 /* thanks for Jim McDonough <jmcd@us.ibm.com> */
56 #define SEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002
58 #define SEC_ACE_FLAG_OBJECT_INHERIT 0x1
59 #define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2
60 #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4
61 #define SEC_ACE_FLAG_INHERIT_ONLY 0x8
62 #define SEC_ACE_FLAG_INHERITED_ACE 0x10 /* New for Windows 2000 */
63 #define SEC_ACE_FLAG_VALID_INHERIT 0xf
64 #define SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0x40
65 #define SEC_ACE_FLAG_FAILED_ACCESS 0x80
67 #define SEC_ACE_TYPE_ACCESS_ALLOWED 0x0
68 #define SEC_ACE_TYPE_ACCESS_DENIED 0x1
69 #define SEC_ACE_TYPE_SYSTEM_AUDIT 0x2
70 #define SEC_ACE_TYPE_SYSTEM_ALARM 0x3
71 #define SEC_ACE_TYPE_ALLOWED_COMPOUND 0x4
72 #define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT 0x5
73 #define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT 0x6
74 #define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 0x7
75 #define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 0x8
77 #define SEC_DESC_OWNER_DEFAULTED 0x0001
78 #define SEC_DESC_GROUP_DEFAULTED 0x0002
79 #define SEC_DESC_DACL_PRESENT 0x0004
80 #define SEC_DESC_DACL_DEFAULTED 0x0008
81 #define SEC_DESC_SACL_PRESENT 0x0010
82 #define SEC_DESC_SACL_DEFAULTED 0x0020
83 #define SEC_DESC_DACL_TRUSTED 0x0040
84 #define SEC_DESC_SERVER_SECURITY 0x0080
86 * New Windows 2000 bits.
88 #define SE_DESC_DACL_AUTO_INHERIT_REQ 0x0100
89 #define SE_DESC_SACL_AUTO_INHERIT_REQ 0x0200
90 #define SE_DESC_DACL_AUTO_INHERITED 0x0400
91 #define SE_DESC_SACL_AUTO_INHERITED 0x0800
92 #define SE_DESC_DACL_PROTECTED 0x1000
93 #define SE_DESC_SACL_PROTECTED 0x2000
95 /* Don't know what this means. */
96 #define SEC_DESC_RM_CONTROL_VALID 0x4000
98 #define SEC_DESC_SELF_RELATIVE 0x8000
100 /* security information */
101 #define OWNER_SECURITY_INFORMATION 0x00000001
102 #define GROUP_SECURITY_INFORMATION 0x00000002
103 #define DACL_SECURITY_INFORMATION 0x00000004
104 #define SACL_SECURITY_INFORMATION 0x00000008
105 /* Extra W2K flags. */
106 #define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000
107 #define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000
108 #define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000
109 #define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
111 #define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
112 DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\
113 UNPROTECTED_SACL_SECURITY_INFORMATION|\
114 UNPROTECTED_DACL_SECURITY_INFORMATION|\
115 PROTECTED_SACL_SECURITY_INFORMATION|\
116 PROTECTED_DACL_SECURITY_INFORMATION)
119 #define ACL_REVISION 0x3
122 #ifndef NT4_ACL_REVISION
123 #define NT4_ACL_REVISION 0x2
126 #ifndef SEC_DESC_REVISION
127 #define SEC_DESC_REVISION 0x1
131 /* Security Access Masks Rights */
133 #define SPECIFIC_RIGHTS_MASK 0x0000FFFF
134 #define STANDARD_RIGHTS_MASK 0x00FF0000
135 #define GENERIC_RIGHTS_MASK 0xF0000000
137 #define SEC_RIGHT_SYSTEM_SECURITY 0x01000000
138 #define SEC_RIGHT_MAXIMUM_ALLOWED 0x02000000
140 /* Generic access rights */
142 #define GENERIC_RIGHT_ALL_ACCESS 0x10000000
143 #define GENERIC_RIGHT_EXECUTE_ACCESS 0x20000000
144 #define GENERIC_RIGHT_WRITE_ACCESS 0x40000000
145 #define GENERIC_RIGHT_READ_ACCESS 0x80000000
147 /* Standard access rights. */
149 #define STD_RIGHT_DELETE_ACCESS 0x00010000
150 #define STD_RIGHT_READ_CONTROL_ACCESS 0x00020000
151 #define STD_RIGHT_WRITE_DAC_ACCESS 0x00040000
152 #define STD_RIGHT_WRITE_OWNER_ACCESS 0x00080000
153 #define STD_RIGHT_SYNCHRONIZE_ACCESS 0x00100000
155 #define STD_RIGHT_ALL_ACCESS 0x001F0000
157 /* Combinations of standard masks. */
158 #define STANDARD_RIGHTS_ALL_ACCESS STD_RIGHT_ALL_ACCESS /* 0x001f0000 */
159 #define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
160 #define STANDARD_RIGHTS_READ_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
161 #define STANDARD_RIGHTS_WRITE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
162 #define STANDARD_RIGHTS_REQUIRED_ACCESS \
163 (STD_RIGHT_DELETE_ACCESS | \
164 STD_RIGHT_READ_CONTROL_ACCESS | \
165 STD_RIGHT_WRITE_DAC_ACCESS | \
166 STD_RIGHT_WRITE_OWNER_ACCESS) /* 0x000f0000 */
168 /* File Object specific access rights */
170 #define SA_RIGHT_FILE_READ_DATA 0x00000001
171 #define SA_RIGHT_FILE_WRITE_DATA 0x00000002
172 #define SA_RIGHT_FILE_APPEND_DATA 0x00000004
173 #define SA_RIGHT_FILE_READ_EA 0x00000008
174 #define SA_RIGHT_FILE_WRITE_EA 0x00000010
175 #define SA_RIGHT_FILE_EXECUTE 0x00000020
176 #define SA_RIGHT_FILE_DELETE_CHILD 0x00000040
177 #define SA_RIGHT_FILE_READ_ATTRIBUTES 0x00000080
178 #define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x00000100
180 #define SA_RIGHT_FILE_ALL_ACCESS 0x000001FF
182 #define GENERIC_RIGHTS_FILE_ALL_ACCESS \
183 (STANDARD_RIGHTS_REQUIRED_ACCESS| \
184 STD_RIGHT_SYNCHRONIZE_ACCESS | \
185 SA_RIGHT_FILE_ALL_ACCESS)
187 #define GENERIC_RIGHTS_FILE_READ \
188 (STANDARD_RIGHTS_READ_ACCESS | \
189 STD_RIGHT_SYNCHRONIZE_ACCESS | \
190 SA_RIGHT_FILE_READ_DATA | \
191 SA_RIGHT_FILE_READ_ATTRIBUTES | \
192 SA_RIGHT_FILE_READ_EA)
194 #define GENERIC_RIGHTS_FILE_WRITE \
195 (STANDARD_RIGHTS_WRITE_ACCESS | \
196 STD_RIGHT_SYNCHRONIZE_ACCESS | \
197 SA_RIGHT_FILE_WRITE_DATA | \
198 SA_RIGHT_FILE_WRITE_ATTRIBUTES | \
199 SA_RIGHT_FILE_WRITE_EA | \
200 SA_RIGHT_FILE_APPEND_DATA)
202 #define GENERIC_RIGHTS_FILE_EXECUTE \
203 (STANDARD_RIGHTS_EXECUTE_ACCESS | \
204 SA_RIGHT_FILE_READ_ATTRIBUTES | \
205 SA_RIGHT_FILE_EXECUTE)
208 /* directory specific access rights */
209 #define SA_RIGHT_DIR_LIST 0x0001
210 #define SA_RIGHT_DIR_ADD_FILE 0x0002
211 #define SA_RIGHT_DIR_ADD_SUBDIRECTORY 0x0004
212 #define SA_RIGHT_DIR_TRAVERSE 0x0020
213 #define SA_RIGHT_DIR_DELETE_CHILD 0x0040
216 /* SAM server specific access rights */
218 #define SA_RIGHT_SAM_CONNECT_SERVER 0x00000001
219 #define SA_RIGHT_SAM_SHUTDOWN_SERVER 0x00000002
220 #define SA_RIGHT_SAM_INITIALISE_SERVER 0x00000004
221 #define SA_RIGHT_SAM_CREATE_DOMAIN 0x00000008
222 #define SA_RIGHT_SAM_ENUM_DOMAINS 0x00000010
223 #define SA_RIGHT_SAM_OPEN_DOMAIN 0x00000020
225 #define SA_RIGHT_SAM_ALL_ACCESS 0x0000003F
227 #define GENERIC_RIGHTS_SAM_ALL_ACCESS \
228 (STANDARD_RIGHTS_REQUIRED_ACCESS| \
229 SA_RIGHT_SAM_ALL_ACCESS)
231 #define GENERIC_RIGHTS_SAM_READ \
232 (STANDARD_RIGHTS_READ_ACCESS | \
233 SA_RIGHT_SAM_ENUM_DOMAINS)
235 #define GENERIC_RIGHTS_SAM_WRITE \
236 (STANDARD_RIGHTS_WRITE_ACCESS | \
237 SA_RIGHT_SAM_CREATE_DOMAIN | \
238 SA_RIGHT_SAM_INITIALISE_SERVER | \
239 SA_RIGHT_SAM_SHUTDOWN_SERVER)
241 #define GENERIC_RIGHTS_SAM_EXECUTE \
242 (STANDARD_RIGHTS_EXECUTE_ACCESS | \
243 SA_RIGHT_SAM_OPEN_DOMAIN | \
244 SA_RIGHT_SAM_CONNECT_SERVER)
247 /* Domain Object specific access rights */
249 #define SA_RIGHT_DOMAIN_LOOKUP_INFO_1 0x00000001
250 #define SA_RIGHT_DOMAIN_SET_INFO_1 0x00000002
251 #define SA_RIGHT_DOMAIN_LOOKUP_INFO_2 0x00000004
252 #define SA_RIGHT_DOMAIN_SET_INFO_2 0x00000008
253 #define SA_RIGHT_DOMAIN_CREATE_USER 0x00000010
254 #define SA_RIGHT_DOMAIN_CREATE_GROUP 0x00000020
255 #define SA_RIGHT_DOMAIN_CREATE_ALIAS 0x00000040
256 #define SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM 0x00000080
257 #define SA_RIGHT_DOMAIN_ENUM_ACCOUNTS 0x00000100
258 #define SA_RIGHT_DOMAIN_OPEN_ACCOUNT 0x00000200
259 #define SA_RIGHT_DOMAIN_SET_INFO_3 0x00000400
261 #define SA_RIGHT_DOMAIN_ALL_ACCESS 0x000007FF
263 #define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS \
264 (STANDARD_RIGHTS_REQUIRED_ACCESS| \
265 SA_RIGHT_DOMAIN_ALL_ACCESS)
267 #define GENERIC_RIGHTS_DOMAIN_READ \
268 (STANDARD_RIGHTS_READ_ACCESS | \
269 SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM | \
270 SA_RIGHT_DOMAIN_LOOKUP_INFO_2)
272 #define GENERIC_RIGHTS_DOMAIN_WRITE \
273 (STANDARD_RIGHTS_WRITE_ACCESS | \
274 SA_RIGHT_DOMAIN_SET_INFO_3 | \
275 SA_RIGHT_DOMAIN_CREATE_ALIAS | \
276 SA_RIGHT_DOMAIN_CREATE_GROUP | \
277 SA_RIGHT_DOMAIN_CREATE_USER | \
278 SA_RIGHT_DOMAIN_SET_INFO_2 | \
279 SA_RIGHT_DOMAIN_SET_INFO_1)
281 #define GENERIC_RIGHTS_DOMAIN_EXECUTE \
282 (STANDARD_RIGHTS_EXECUTE_ACCESS | \
283 SA_RIGHT_DOMAIN_OPEN_ACCOUNT | \
284 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS | \
285 SA_RIGHT_DOMAIN_LOOKUP_INFO_1)
288 /* User Object specific access rights */
290 #define SA_RIGHT_USER_GET_NAME_ETC 0x00000001
291 #define SA_RIGHT_USER_GET_LOCALE 0x00000002
292 #define SA_RIGHT_USER_SET_LOC_COM 0x00000004
293 #define SA_RIGHT_USER_GET_LOGONINFO 0x00000008
294 #define SA_RIGHT_USER_ACCT_FLAGS_EXPIRY 0x00000010
295 #define SA_RIGHT_USER_SET_ATTRIBUTES 0x00000020
296 #define SA_RIGHT_USER_CHANGE_PASSWORD 0x00000040
297 #define SA_RIGHT_USER_SET_PASSWORD 0x00000080
298 #define SA_RIGHT_USER_GET_GROUPS 0x00000100
299 #define SA_RIGHT_USER_READ_GROUP_MEM 0x00000200
300 #define SA_RIGHT_USER_CHANGE_GROUP_MEM 0x00000400
302 #define SA_RIGHT_USER_ALL_ACCESS 0x000007FF
304 #define GENERIC_RIGHTS_USER_ALL_ACCESS \
305 (STANDARD_RIGHTS_REQUIRED_ACCESS| \
306 SA_RIGHT_USER_ALL_ACCESS) /* 0x000f07ff */
308 #define GENERIC_RIGHTS_USER_READ \
309 (STANDARD_RIGHTS_READ_ACCESS | \
310 SA_RIGHT_USER_READ_GROUP_MEM | \
311 SA_RIGHT_USER_GET_GROUPS | \
312 SA_RIGHT_USER_ACCT_FLAGS_EXPIRY | \
313 SA_RIGHT_USER_GET_LOGONINFO | \
314 SA_RIGHT_USER_GET_LOCALE) /* 0x0002031a */
316 #define GENERIC_RIGHTS_USER_WRITE \
317 (STANDARD_RIGHTS_WRITE_ACCESS | \
318 SA_RIGHT_USER_CHANGE_PASSWORD | \
319 SA_RIGHT_USER_SET_LOC_COM) /* 0x00020044 */
321 #define GENERIC_RIGHTS_USER_EXECUTE \
322 (STANDARD_RIGHTS_EXECUTE_ACCESS | \
323 SA_RIGHT_USER_CHANGE_PASSWORD | \
324 SA_RIGHT_USER_GET_NAME_ETC ) /* 0x00020041 */
327 /* Group Object specific access rights */
329 #define SA_RIGHT_GROUP_LOOKUP_INFO 0x00000001
330 #define SA_RIGHT_GROUP_SET_INFO 0x00000002
331 #define SA_RIGHT_GROUP_ADD_MEMBER 0x00000004
332 #define SA_RIGHT_GROUP_REMOVE_MEMBER 0x00000008
333 #define SA_RIGHT_GROUP_GET_MEMBERS 0x00000010
335 #define SA_RIGHT_GROUP_ALL_ACCESS 0x0000001F
337 #define GENERIC_RIGHTS_GROUP_ALL_ACCESS \
338 (STANDARD_RIGHTS_REQUIRED_ACCESS| \
339 SA_RIGHT_GROUP_ALL_ACCESS) /* 0x000f001f */
341 #define GENERIC_RIGHTS_GROUP_READ \
342 (STANDARD_RIGHTS_READ_ACCESS | \
343 SA_RIGHT_GROUP_GET_MEMBERS) /* 0x00020010 */
345 #define GENERIC_RIGHTS_GROUP_WRITE \
346 (STANDARD_RIGHTS_WRITE_ACCESS | \
347 SA_RIGHT_GROUP_REMOVE_MEMBER | \
348 SA_RIGHT_GROUP_ADD_MEMBER | \
349 SA_RIGHT_GROUP_SET_INFO ) /* 0x0002000e */
351 #define GENERIC_RIGHTS_GROUP_EXECUTE \
352 (STANDARD_RIGHTS_EXECUTE_ACCESS | \
353 SA_RIGHT_GROUP_LOOKUP_INFO) /* 0x00020001 */
356 /* Alias Object specific access rights */
358 #define SA_RIGHT_ALIAS_ADD_MEMBER 0x00000001
359 #define SA_RIGHT_ALIAS_REMOVE_MEMBER 0x00000002
360 #define SA_RIGHT_ALIAS_GET_MEMBERS 0x00000004
361 #define SA_RIGHT_ALIAS_LOOKUP_INFO 0x00000008
362 #define SA_RIGHT_ALIAS_SET_INFO 0x00000010
364 #define SA_RIGHT_ALIAS_ALL_ACCESS 0x0000001F
366 #define GENERIC_RIGHTS_ALIAS_ALL_ACCESS \
367 (STANDARD_RIGHTS_REQUIRED_ACCESS| \
368 SA_RIGHT_ALIAS_ALL_ACCESS) /* 0x000f001f */
370 #define GENERIC_RIGHTS_ALIAS_READ \
371 (STANDARD_RIGHTS_READ_ACCESS | \
372 SA_RIGHT_ALIAS_GET_MEMBERS ) /* 0x00020004 */
374 #define GENERIC_RIGHTS_ALIAS_WRITE \
375 (STANDARD_RIGHTS_WRITE_ACCESS | \
376 SA_RIGHT_ALIAS_REMOVE_MEMBER | \
377 SA_RIGHT_ALIAS_ADD_MEMBER | \
378 SA_RIGHT_ALIAS_SET_INFO ) /* 0x00020013 */
380 #define GENERIC_RIGHTS_ALIAS_EXECUTE \
381 (STANDARD_RIGHTS_EXECUTE_ACCESS | \
382 SA_RIGHT_ALIAS_LOOKUP_INFO ) /* 0x00020008 */
384 #endif /* _RPC_SECDES_H */