From 068e09847ad3e494a8b5176980b3c0d46ddf4618 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Fri, 16 Oct 2009 10:01:28 +1100
Subject: [PATCH] idl: added bit definition for privilege masks

When you have backup or restore privileges, you automatically get
extra access bits in ACL interpretation. This adds definitions for the
bits you get.
---
 librpc/gen_ndr/security.h |  4 ++++
 librpc/idl/security.idl   | 15 +++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/librpc/gen_ndr/security.h b/librpc/gen_ndr/security.h
index 05df02ae8f5..297ba18d7f0 100644
--- a/librpc/gen_ndr/security.h
+++ b/librpc/gen_ndr/security.h
@@ -70,6 +70,10 @@
 #define SEC_RIGHTS_DIR_WRITE	( SEC_RIGHTS_FILE_WRITE )
 #define SEC_RIGHTS_DIR_EXECUTE	( SEC_RIGHTS_FILE_EXECUTE )
 #define SEC_RIGHTS_DIR_ALL	( SEC_RIGHTS_FILE_ALL )
+#define SEC_RIGHTS_PRIV_BACKUP	( SEC_STD_READ_CONTROL|SEC_FLAG_SYSTEM_SECURITY|SEC_GENERIC_READ )
+#define SEC_RIGHTS_DIR_PRIV_BACKUP	( SEC_RIGHTS_PRIV_BACKUP|SEC_DIR_TRAVERSE )
+#define SEC_RIGHTS_PRIV_RESTORE	( SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER|SEC_FLAG_SYSTEM_SECURITY|SEC_STD_DELETE )
+#define SEC_RIGHTS_DIR_PRIV_RESTORE	( SEC_RIGHTS_PRIV_RESTORE|SEC_DIR_ADD_FILE|SEC_DIR_ADD_SUBDIR )
 #define STANDARD_RIGHTS_ALL_ACCESS	( SEC_STD_ALL )
 #define STANDARD_RIGHTS_MODIFY_ACCESS	( SEC_STD_READ_CONTROL )
 #define STANDARD_RIGHTS_EXECUTE_ACCESS	( SEC_STD_READ_CONTROL )
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 96d24b66859..c24dc64bd79 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -144,6 +144,21 @@ interface security
 	const int SEC_RIGHTS_DIR_EXECUTE  = SEC_RIGHTS_FILE_EXECUTE;
 	const int SEC_RIGHTS_DIR_ALL      = SEC_RIGHTS_FILE_ALL;
 
+	/* rights granted by some specific privileges */
+	const int SEC_RIGHTS_PRIV_BACKUP  = SEC_STD_READ_CONTROL | 
+					    SEC_FLAG_SYSTEM_SECURITY |
+					    SEC_GENERIC_READ;
+	const int SEC_RIGHTS_DIR_PRIV_BACKUP  = SEC_RIGHTS_PRIV_BACKUP 
+					      | SEC_DIR_TRAVERSE;
+
+	const int SEC_RIGHTS_PRIV_RESTORE = SEC_STD_WRITE_DAC | 
+					    SEC_STD_WRITE_OWNER |
+					    SEC_FLAG_SYSTEM_SECURITY |
+					    SEC_STD_DELETE;
+	const int SEC_RIGHTS_DIR_PRIV_RESTORE = SEC_RIGHTS_PRIV_RESTORE | 
+					    SEC_DIR_ADD_FILE |
+					    SEC_DIR_ADD_SUBDIR;
+
 	/* combinations of standard masks. */
 	const int STANDARD_RIGHTS_ALL_ACCESS		= SEC_STD_ALL; /* 0x001f0000 */
 	const int STANDARD_RIGHTS_MODIFY_ACCESS		= SEC_STD_READ_CONTROL; /* 0x00020000 */
-- 
2.34.1