s3-secdesc: move all winreg access bits to IDL.

Guenther
(cherry picked from commit 38264bb3b86a3c9da941070f29ec08227c471d2b)
(cherry picked from commit 904bc5011fc7df40111f493ff28972640b95c0d1)

7 files changed, 43 insertions, 54 deletions

diff --git a/librpc/gen_ndr/winreg.h b/librpc/gen_ndr/winreg.h
index e0300fd0e7a..103817c4666 100644
--- a/librpc/gen_ndr/winreg.h
+++ b/librpc/gen_ndr/winreg.h
@@ -9,6 +9,10 @@
 #ifndef _HEADER_winreg
 #define _HEADER_winreg
 
+#define REG_KEY_READ	( (STANDARD_RIGHTS_READ_ACCESS|KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY) )
+#define REG_KEY_EXECUTE	( REG_KEY_READ )
+#define REG_KEY_WRITE	( (STANDARD_RIGHTS_WRITE_ACCESS|KEY_SET_VALUE|KEY_CREATE_SUB_KEY) )
+#define REG_KEY_ALL	( (STANDARD_RIGHTS_REQUIRED_ACCESS|REG_KEY_READ|REG_KEY_WRITE|KEY_CREATE_LINK) )
 /* bitmap winreg_AccessMask */
 #define KEY_QUERY_VALUE ( 0x00001 )
 #define KEY_SET_VALUE ( 0x00002 )
diff --git a/librpc/idl/winreg.idl b/librpc/idl/winreg.idl
index b905bdea7bd..18b5edcb5d9 100644
--- a/librpc/idl/winreg.idl
+++ b/librpc/idl/winreg.idl
@@ -14,6 +14,10 @@ import "lsa.idl", "security.idl";
 {
 	typedef bitmap security_secinfo security_secinfo;
 
+	/*
+	 * Access Bits for registry ACLS
+	 */
+
 	typedef [bitmap32bit] bitmap {
 		KEY_QUERY_VALUE 		= 0x00001,
 		KEY_SET_VALUE 			= 0x00002,
@@ -25,6 +29,22 @@ import "lsa.idl", "security.idl";
 		KEY_WOW64_32KEY 		= 0x00200
 	} winreg_AccessMask;
 
+	const int REG_KEY_READ = (	STANDARD_RIGHTS_READ_ACCESS	|
+					KEY_QUERY_VALUE			|
+					KEY_ENUMERATE_SUB_KEYS 		|
+					KEY_NOTIFY);
+
+	const int REG_KEY_EXECUTE = REG_KEY_READ;
+
+	const int REG_KEY_WRITE = (	STANDARD_RIGHTS_WRITE_ACCESS	|
+					KEY_SET_VALUE	 		|
+					KEY_CREATE_SUB_KEY);
+
+	const int REG_KEY_ALL = (	STANDARD_RIGHTS_REQUIRED_ACCESS |
+					REG_KEY_READ 			|
+					REG_KEY_WRITE 			|
+					KEY_CREATE_LINK);
+
 	typedef [public,v1_enum] enum {
 		REG_NONE                       = 0,
 		REG_SZ                         = 1,
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index c74d621f35d..1ce3f846003 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -194,39 +194,4 @@ struct standard_mapping {
 		SA_RIGHT_FILE_WRITE_DATA	| \
 		SA_RIGHT_FILE_READ_DATA)
 
-/*
- * Access Bits for registry ACLS
- */
-
-/* used by registry ACLs */
-
-#define SEC_RIGHTS_QUERY_VALUE		0x00000001
-#define SEC_RIGHTS_SET_VALUE		0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY	0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS		0x00000008
-#define SEC_RIGHTS_NOTIFY		0x00000010
-#define SEC_RIGHTS_CREATE_LINK		0x00000020
-#define SEC_RIGHTS_MAXIMUM_ALLOWED	0x02000000
-
-
-#define REG_KEY_READ \
-	( STANDARD_RIGHTS_READ_ACCESS 		|\
-	  SEC_RIGHTS_QUERY_VALUE 		|\
-	  SEC_RIGHTS_ENUM_SUBKEYS 		|\
-	  SEC_RIGHTS_NOTIFY )
-	  
-#define REG_KEY_EXECUTE	REG_KEY_READ
-
-#define REG_KEY_WRITE \
-	( STANDARD_RIGHTS_WRITE_ACCESS		|\
-	  SEC_RIGHTS_SET_VALUE 			|\
-	  SEC_RIGHTS_CREATE_SUBKEY )
-
-#define REG_KEY_ALL \
-	( STANDARD_RIGHTS_REQUIRED_ACCESS 	|\
-	  REG_KEY_READ 				|\
-	  REG_KEY_WRITE 			|\
-	  SEC_RIGHTS_CREATE_LINK )
-
-
 #endif /* _RPC_SECDES_H */
diff --git a/source3/lib/smbconf/smbconf_reg.c b/source3/lib/smbconf/smbconf_reg.c
index 0ecac97575e..54ce5348a74 100644
--- a/source3/lib/smbconf/smbconf_reg.c
+++ b/source3/lib/smbconf/smbconf_reg.c
@@ -567,7 +567,7 @@ static WERROR smbconf_reg_init(struct smbconf_ctx *ctx, const char *path)
 	}
 
 	werr = reg_open_path(ctx, ctx->path,
-			     SEC_RIGHTS_ENUM_SUBKEYS | REG_KEY_WRITE,
+			     KEY_ENUMERATE_SUB_KEYS | REG_KEY_WRITE,
 			     token, &rpd(ctx)->base_key);
 	if (!W_ERROR_IS_OK(werr)) {
 		goto done;
diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c
index c1a78c14dc7..817d43be6b9 100644
--- a/source3/registry/reg_api.c
+++ b/source3/registry/reg_api.c
@@ -272,7 +272,7 @@ WERROR reg_openkey(TALLOC_CTX *mem_ctx, struct registry_key *parent,
 
 		err = regkey_open_onelevel(mem_ctx, direct_parent,
 					   name_component, parent->token,
-					   SEC_RIGHTS_ENUM_SUBKEYS, &tmp);
+					   KEY_ENUMERATE_SUB_KEYS, &tmp);
 		SAFE_FREE(name_component);
 
 		if (!W_ERROR_IS_OK(err)) {
@@ -301,7 +301,7 @@ WERROR reg_enumkey(TALLOC_CTX *mem_ctx, struct registry_key *key,
 {
 	WERROR err;
 
-	if (!(key->key->access_granted & SEC_RIGHTS_ENUM_SUBKEYS)) {
+	if (!(key->key->access_granted & KEY_ENUMERATE_SUB_KEYS)) {
 		return WERR_ACCESS_DENIED;
 	}
 
@@ -332,7 +332,7 @@ WERROR reg_enumvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
 	struct registry_value *val;
 	WERROR err;
 
-	if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+	if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
 		return WERR_ACCESS_DENIED;
 	}
 
@@ -370,7 +370,7 @@ WERROR reg_queryvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
 	WERROR err;
 	uint32 i;
 
-	if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+	if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
 		return WERR_ACCESS_DENIED;
 	}
 
@@ -399,7 +399,7 @@ WERROR reg_queryinfokey(struct registry_key *key, uint32_t *num_subkeys,
 	WERROR err;
 	struct security_descriptor *secdesc;
 
-	if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+	if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
 		return WERR_ACCESS_DENIED;
 	}
 
@@ -483,7 +483,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
 		*end = '\0';
 
 		err = reg_createkey(mem_ctx, key, path,
-				    SEC_RIGHTS_ENUM_SUBKEYS, &tmp, &action);
+				    KEY_ENUMERATE_SUB_KEYS, &tmp, &action);
 		if (!W_ERROR_IS_OK(err)) {
 			goto done;
 		}
@@ -521,7 +521,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
 	 * with ENUM_SUBKEY access.
 	 */
 
-	err = reg_openkey(mem_ctx, key, "", SEC_RIGHTS_CREATE_SUBKEY,
+	err = reg_openkey(mem_ctx, key, "", KEY_CREATE_SUB_KEY,
 			  &create_parent);
 	if (!W_ERROR_IS_OK(err)) {
 		goto done;
@@ -582,7 +582,7 @@ WERROR reg_deletekey(struct registry_key *parent, const char *path)
 		*end = '\0';
 
 		err = reg_openkey(mem_ctx, parent, name,
-				  SEC_RIGHTS_CREATE_SUBKEY, &tmp_key);
+				  KEY_CREATE_SUB_KEY, &tmp_key);
 		W_ERROR_NOT_OK_GOTO_DONE(err);
 
 		parent = tmp_key;
@@ -608,7 +608,7 @@ WERROR reg_setvalue(struct registry_key *key, const char *name,
 	DATA_BLOB value_data;
 	int res;
 
-	if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+	if (!(key->key->access_granted & KEY_SET_VALUE)) {
 		return WERR_ACCESS_DENIED;
 	}
 
@@ -655,7 +655,7 @@ WERROR reg_deletevalue(struct registry_key *key, const char *name)
 {
 	WERROR err;
 
-	if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+	if (!(key->key->access_granted & KEY_SET_VALUE)) {
 		return WERR_ACCESS_DENIED;
 	}
 
@@ -982,7 +982,7 @@ WERROR reg_deleteallvalues(struct registry_key *key)
 	WERROR err;
 	int i;
 
-	if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+	if (!(key->key->access_granted & KEY_SET_VALUE)) {
 		return WERR_ACCESS_DENIED;
 	}
 
@@ -1038,7 +1038,7 @@ WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path,
 
 	*p = '\0';
 
-	err = reg_openhive(mem_ctx, path, SEC_RIGHTS_ENUM_SUBKEYS, token,
+	err = reg_openhive(mem_ctx, path, KEY_ENUMERATE_SUB_KEYS, token,
 			   &hive);
 	if (!W_ERROR_IS_OK(err)) {
 		SAFE_FREE(path);
@@ -1209,7 +1209,7 @@ WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path,
 
 	err = reg_openhive(mem_ctx, path,
 			   (strchr(p+1, '\\') != NULL) ?
-			   SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+			   KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
 			   token, &hive);
 	if (!W_ERROR_IS_OK(err)) {
 		SAFE_FREE(path);
@@ -1249,7 +1249,7 @@ WERROR reg_delete_path(const struct nt_user_token *token,
 
 	err = reg_openhive(NULL, path,
 			   (strchr(p+1, '\\') != NULL) ?
-			   SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+			   KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
 			   token, &hive);
 	if (!W_ERROR_IS_OK(err)) {
 		SAFE_FREE(path);
diff --git a/source3/rpcclient/cmd_test.c b/source3/rpcclient/cmd_test.c
index b7be038539d..85e90a19b51 100644
--- a/source3/rpcclient/cmd_test.c
+++ b/source3/rpcclient/cmd_test.c
@@ -45,7 +45,7 @@ static NTSTATUS cmd_testme(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
 	}
 
 	status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False,
-					SEC_RIGHTS_QUERY_VALUE, &pol);
+					KEY_QUERY_VALUE, &pol);
 
 	if (!NT_STATUS_IS_OK(status))
 		goto done;
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 25ecf4a4d6f..d100189bfcc 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -5595,7 +5595,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
 		return -1;
 	}
 
-	nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_RIGHTS_QUERY_VALUE,
+	nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, KEY_QUERY_VALUE,
 	                                 &connect_hnd);
 	if (NT_STATUS_IS_ERR(nt_status)) {
 		DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@@ -5851,7 +5851,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc,
 		return -1;
 	};
 
-	nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
+	nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
 					&connect_hnd);
 	if (NT_STATUS_IS_ERR(nt_status)) {
 		DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@@ -6008,7 +6008,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
 		return -1;
 	};
 
-	nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
+	nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
 					&connect_hnd);
 	if (NT_STATUS_IS_ERR(nt_status)) {
 		DEBUG(0, ("Couldn't open policy handle. Error was %s\n",