1/*
2   Unix SMB/CIFS implementation.
3   SMB parameters and setup
4   Copyright (C) Andrew Tridgell              1992-2000
5   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
6
7   This program is free software; you can redistribute it and/or modify
8   it under the terms of the GNU General Public License as published by
9   the Free Software Foundation; either version 2 of the License, or
10   (at your option) any later version.
11
12   This program is distributed in the hope that it will be useful,
13   but WITHOUT ANY WARRANTY; without even the implied warranty of
14   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15   GNU General Public License for more details.
16
17   You should have received a copy of the GNU General Public License
18   along with this program; if not, write to the Free Software
19   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20*/
21
22#ifndef _RPC_SECDES_H /* _RPC_SECDES_H */
23#define _RPC_SECDES_H
24
25#define SEC_RIGHTS_QUERY_VALUE		0x00000001
26#define SEC_RIGHTS_SET_VALUE		0x00000002
27#define SEC_RIGHTS_CREATE_SUBKEY	0x00000004
28#define SEC_RIGHTS_ENUM_SUBKEYS		0x00000008
29#define SEC_RIGHTS_NOTIFY		0x00000010
30#define SEC_RIGHTS_CREATE_LINK		0x00000020
31#define SEC_RIGHTS_READ			0x00020019
32#define SEC_RIGHTS_FULL_CONTROL		0x000f003f
33#define SEC_RIGHTS_MAXIMUM_ALLOWED	0x02000000
34
35/* for ADS */
36#define	SEC_RIGHTS_LIST_CONTENTS	0x4
37#define SEC_RIGHTS_LIST_OBJECT		0x80
38#define	SEC_RIGHTS_READ_ALL_PROP	0x10
39#define	SEC_RIGHTS_READ_PERMS		0x20000
40#define SEC_RIGHTS_WRITE_ALL_VALID	0x8
41#define	SEC_RIGHTS_WRITE_ALL_PROP	0x20
42#define SEC_RIGHTS_MODIFY_OWNER		0x80000
43#define	SEC_RIGHTS_MODIFY_PERMS		0x40000
44#define	SEC_RIGHTS_CREATE_CHILD		0x1
45#define	SEC_RIGHTS_DELETE_CHILD		0x2
46#define SEC_RIGHTS_DELETE_SUBTREE	0x40
47#define SEC_RIGHTS_DELETE               0x10000 /* advanced/special/object/delete */
48#define SEC_RIGHTS_EXTENDED		0x100 /* change/reset password, receive/send as*/
49#define	SEC_RIGHTS_CHANGE_PASSWD	SEC_RIGHTS_EXTENDED
50#define	SEC_RIGHTS_RESET_PASSWD		SEC_RIGHTS_EXTENDED
51#define SEC_RIGHTS_FULL_CTRL		0xf01ff
52
53#define SEC_ACE_OBJECT_PRESENT           0x00000001 /* thanks for Jim McDonough <jmcd@us.ibm.com> */
54#define SEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002
55
56#define SEC_ACE_FLAG_OBJECT_INHERIT		0x1
57#define SEC_ACE_FLAG_CONTAINER_INHERIT		0x2
58#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT	0x4
59#define SEC_ACE_FLAG_INHERIT_ONLY		0x8
60#define SEC_ACE_FLAG_INHERITED_ACE		0x10 /* New for Windows 2000 */
61#define SEC_ACE_FLAG_VALID_INHERIT		0xf
62#define SEC_ACE_FLAG_SUCCESSFUL_ACCESS		0x40
63#define SEC_ACE_FLAG_FAILED_ACCESS		0x80
64
65#define SEC_ACE_TYPE_ACCESS_ALLOWED		0x0
66#define SEC_ACE_TYPE_ACCESS_DENIED		0x1
67#define SEC_ACE_TYPE_SYSTEM_AUDIT		0x2
68#define SEC_ACE_TYPE_SYSTEM_ALARM		0x3
69#define SEC_ACE_TYPE_ALLOWED_COMPOUND		0x4
70#define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT	0x5
71#define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT     	0x6
72#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT      	0x7
73#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT	0x8
74
75#define SEC_DESC_OWNER_DEFAULTED	0x0001
76#define SEC_DESC_GROUP_DEFAULTED	0x0002
77#define SEC_DESC_DACL_PRESENT		0x0004
78#define SEC_DESC_DACL_DEFAULTED		0x0008
79#define SEC_DESC_SACL_PRESENT		0x0010
80#define SEC_DESC_SACL_DEFAULTED		0x0020
81#define SEC_DESC_DACL_TRUSTED		0x0040
82#define SEC_DESC_SERVER_SECURITY	0x0080
83/*
84 * New Windows 2000 bits.
85 */
86#define SE_DESC_DACL_AUTO_INHERIT_REQ	0x0100
87#define SE_DESC_SACL_AUTO_INHERIT_REQ	0x0200
88#define SE_DESC_DACL_AUTO_INHERITED	0x0400
89#define SE_DESC_SACL_AUTO_INHERITED	0x0800
90#define SE_DESC_DACL_PROTECTED		0x1000
91#define SE_DESC_SACL_PROTECTED		0x2000
92
93/* Don't know what this means. */
94#define SEC_DESC_RM_CONTROL_VALID	0x4000
95
96#define SEC_DESC_SELF_RELATIVE		0x8000
97
98/* security information */
99#define OWNER_SECURITY_INFORMATION	0x00000001
100#define GROUP_SECURITY_INFORMATION	0x00000002
101#define DACL_SECURITY_INFORMATION	0x00000004
102#define SACL_SECURITY_INFORMATION	0x00000008
103/* Extra W2K flags. */
104#define UNPROTECTED_SACL_SECURITY_INFORMATION	0x10000000
105#define UNPROTECTED_DACL_SECURITY_INFORMATION	0x20000000
106#define PROTECTED_SACL_SECURITY_INFORMATION	0x40000000
107#define PROTECTED_DACL_SECURITY_INFORMATION	0x80000000
108
109#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
110					DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\
111					UNPROTECTED_SACL_SECURITY_INFORMATION|\
112					UNPROTECTED_DACL_SECURITY_INFORMATION|\
113					PROTECTED_SACL_SECURITY_INFORMATION|\
114					PROTECTED_DACL_SECURITY_INFORMATION)
115
116/* SEC_ACCESS */
117typedef struct security_info_info
118{
119	uint32 mask;
120
121} SEC_ACCESS;
122
123/* SEC_ACE */
124typedef struct security_ace_info
125{
126	uint8 type;  /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
127	uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
128	uint16 size;
129
130	SEC_ACCESS info;
131
132	/* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
133	uint32  obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
134	struct uuid obj_guid;  /* object GUID */
135	struct uuid inh_guid;  /* inherited object GUID */
136        /* eof object stuff */
137
138	DOM_SID trustee;
139
140} SEC_ACE;
141#define  SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32))
142
143#ifndef ACL_REVISION
144#define ACL_REVISION 0x3
145#endif
146
147#ifndef NT4_ACL_REVISION
148#define NT4_ACL_REVISION 0x2
149#endif
150
151#ifndef _SEC_ACL
152/* SEC_ACL */
153typedef struct security_acl_info
154{
155	uint16 revision; /* 0x0003 */
156	uint16 size; /* size in bytes of the entire ACL structure */
157	uint32 num_aces; /* number of Access Control Entries */
158
159	SEC_ACE *ace;
160
161} SEC_ACL;
162#define  SEC_ACL_HEADER_SIZE (2 * sizeof(uint16) + sizeof(uint32))
163#define _SEC_ACL
164#endif
165
166#ifndef SEC_DESC_REVISION
167#define SEC_DESC_REVISION 0x1
168#endif
169
170#ifndef _SEC_DESC
171/* SEC_DESC */
172typedef struct security_descriptor_info
173{
174	uint16 revision; /* 0x0001 */
175	uint16 type;     /* SEC_DESC_xxxx flags */
176
177	uint32 off_owner_sid; /* offset to owner sid */
178	uint32 off_grp_sid  ; /* offset to group sid */
179	uint32 off_sacl     ; /* offset to system list of permissions */
180	uint32 off_dacl     ; /* offset to list of permissions */
181
182	SEC_ACL *dacl; /* user ACL */
183	SEC_ACL *sacl; /* system ACL */
184	DOM_SID *owner_sid;
185	DOM_SID *grp_sid;
186
187} SEC_DESC;
188#define  SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32))
189#define _SEC_DESC
190#endif
191
192#ifndef _SEC_DESC_BUF
193/* SEC_DESC_BUF */
194typedef struct sec_desc_buf_info
195{
196	uint32 max_len;
197	uint32 ptr;
198	uint32 len;
199
200	SEC_DESC *sec;
201
202} SEC_DESC_BUF;
203#define _SEC_DESC_BUF
204#endif
205
206/* A type to describe the mapping of generic access rights to object
207   specific access rights. */
208
209typedef struct generic_mapping {
210	uint32 generic_read;
211	uint32 generic_write;
212	uint32 generic_execute;
213	uint32 generic_all;
214} GENERIC_MAPPING;
215
216typedef struct standard_mapping {
217	uint32 std_read;
218	uint32 std_write;
219	uint32 std_execute;
220	uint32 std_all;
221} STANDARD_MAPPING;
222
223
224/* Security Access Masks Rights */
225
226#define SPECIFIC_RIGHTS_MASK	0x0000FFFF
227#define STANDARD_RIGHTS_MASK	0x00FF0000
228#define GENERIC_RIGHTS_MASK	0xF0000000
229
230#define SEC_RIGHT_SYSTEM_SECURITY	0x01000000
231#define SEC_RIGHT_MAXIMUM_ALLOWED	0x02000000
232
233/* Generic access rights */
234
235#define GENERIC_RIGHT_ALL_ACCESS	0x10000000
236#define GENERIC_RIGHT_EXECUTE_ACCESS	0x20000000
237#define GENERIC_RIGHT_WRITE_ACCESS	0x40000000
238#define GENERIC_RIGHT_READ_ACCESS	0x80000000
239
240/* Standard access rights. */
241
242#define STD_RIGHT_DELETE_ACCESS		0x00010000
243#define STD_RIGHT_READ_CONTROL_ACCESS	0x00020000
244#define STD_RIGHT_WRITE_DAC_ACCESS	0x00040000
245#define STD_RIGHT_WRITE_OWNER_ACCESS	0x00080000
246#define STD_RIGHT_SYNCHRONIZE_ACCESS	0x00100000
247
248#define STD_RIGHT_ALL_ACCESS		0x001F0000
249
250/* Combinations of standard masks. */
251#define STANDARD_RIGHTS_ALL_ACCESS	STD_RIGHT_ALL_ACCESS /* 0x001f0000 */
252#define STANDARD_RIGHTS_EXECUTE_ACCESS	STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
253#define STANDARD_RIGHTS_READ_ACCESS	STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
254#define STANDARD_RIGHTS_WRITE_ACCESS \
255		(STD_RIGHT_WRITE_OWNER_ACCESS	| \
256		 STD_RIGHT_WRITE_DAC_ACCESS	| \
257		 STD_RIGHT_DELETE_ACCESS)	/* 0x000d0000 */
258#define STANDARD_RIGHTS_REQUIRED_ACCESS \
259		(STD_RIGHT_DELETE_ACCESS	| \
260		STD_RIGHT_READ_CONTROL_ACCESS	| \
261		STD_RIGHT_WRITE_DAC_ACCESS	| \
262		STD_RIGHT_WRITE_OWNER_ACCESS)	/* 0x000f0000 */
263
264/* File Object specific access rights */
265
266#define SA_RIGHT_FILE_READ_DATA		0x00000001
267#define SA_RIGHT_FILE_WRITE_DATA	0x00000002
268#define SA_RIGHT_FILE_APPEND_DATA	0x00000004
269#define SA_RIGHT_FILE_READ_EA		0x00000008
270#define SA_RIGHT_FILE_WRITE_EA		0x00000010
271#define SA_RIGHT_FILE_EXECUTE		0x00000020
272#define SA_RIGHT_FILE_DELETE_CHILD	0x00000040
273#define SA_RIGHT_FILE_READ_ATTRIBUTES	0x00000080
274#define SA_RIGHT_FILE_WRITE_ATTRIBUTES	0x00000100
275
276#define SA_RIGHT_FILE_ALL_ACCESS	0x000001FF
277
278#define GENERIC_RIGHTS_FILE_ALL_ACCESS \
279		(STANDARD_RIGHTS_REQUIRED_ACCESS| \
280		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
281		SA_RIGHT_FILE_ALL_ACCESS)
282
283#define GENERIC_RIGHTS_FILE_READ	\
284		(STANDARD_RIGHTS_READ_ACCESS	| \
285		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
286		SA_RIGHT_FILE_READ_DATA		| \
287		SA_RIGHT_FILE_READ_ATTRIBUTES	| \
288		SA_RIGHT_FILE_READ_EA)
289
290#define GENERIC_RIGHTS_FILE_WRITE \
291		(STANDARD_RIGHTS_WRITE_ACCESS	| \
292		STD_RIGHT_SYNCHRONIZE_ACCESS	| \
293		SA_RIGHT_FILE_WRITE_DATA	| \
294		SA_RIGHT_FILE_WRITE_ATTRIBUTES	| \
295		SA_RIGHT_FILE_WRITE_EA		| \
296		SA_RIGHT_FILE_APPEND_DATA)
297
298#define GENERIC_RIGHTS_FILE_EXECUTE \
299		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
300		SA_RIGHT_FILE_READ_ATTRIBUTES	| \
301		SA_RIGHT_FILE_EXECUTE)
302
303
304/* SAM server specific access rights */
305
306#define SA_RIGHT_SAM_CONNECT_SERVER	0x00000001
307#define SA_RIGHT_SAM_SHUTDOWN_SERVER	0x00000002
308#define SA_RIGHT_SAM_INITIALISE_SERVER	0x00000004
309#define SA_RIGHT_SAM_CREATE_DOMAIN	0x00000008
310#define SA_RIGHT_SAM_ENUM_DOMAINS	0x00000010
311#define SA_RIGHT_SAM_OPEN_DOMAIN	0x00000020
312
313#define SA_RIGHT_SAM_ALL_ACCESS		0x0000003F
314
315#define GENERIC_RIGHTS_SAM_ALL_ACCESS \
316		(STANDARD_RIGHTS_REQUIRED_ACCESS| \
317		SA_RIGHT_SAM_ALL_ACCESS)
318
319#define GENERIC_RIGHTS_SAM_READ	\
320		(STANDARD_RIGHTS_READ_ACCESS	| \
321		SA_RIGHT_SAM_ENUM_DOMAINS)
322
323#define GENERIC_RIGHTS_SAM_WRITE \
324		(STANDARD_RIGHTS_WRITE_ACCESS	| \
325		SA_RIGHT_SAM_CREATE_DOMAIN	| \
326		SA_RIGHT_SAM_INITIALISE_SERVER	| \
327		SA_RIGHT_SAM_SHUTDOWN_SERVER)
328
329#define GENERIC_RIGHTS_SAM_EXECUTE \
330		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
331		SA_RIGHT_SAM_OPEN_DOMAIN	| \
332		SA_RIGHT_SAM_CONNECT_SERVER)
333
334
335/* Domain Object specific access rights */
336
337#define SA_RIGHT_DOMAIN_LOOKUP_INFO_1		0x00000001
338#define SA_RIGHT_DOMAIN_SET_INFO_1		0x00000002
339#define SA_RIGHT_DOMAIN_LOOKUP_INFO_2		0x00000004
340#define SA_RIGHT_DOMAIN_SET_INFO_2		0x00000008
341#define SA_RIGHT_DOMAIN_CREATE_USER		0x00000010
342#define SA_RIGHT_DOMAIN_CREATE_GROUP		0x00000020
343#define SA_RIGHT_DOMAIN_CREATE_ALIAS		0x00000040
344#define SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM	0x00000080
345#define SA_RIGHT_DOMAIN_ENUM_ACCOUNTS		0x00000100
346#define SA_RIGHT_DOMAIN_OPEN_ACCOUNT		0x00000200
347#define SA_RIGHT_DOMAIN_SET_INFO_3		0x00000400
348
349#define SA_RIGHT_DOMAIN_ALL_ACCESS		0x000007FF
350
351#define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS \
352		(STANDARD_RIGHTS_REQUIRED_ACCESS| \
353		SA_RIGHT_DOMAIN_ALL_ACCESS)
354
355#define GENERIC_RIGHTS_DOMAIN_READ \
356		(STANDARD_RIGHTS_READ_ACCESS		| \
357		SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM	| \
358		SA_RIGHT_DOMAIN_LOOKUP_INFO_2)
359
360#define GENERIC_RIGHTS_DOMAIN_WRITE \
361		(STANDARD_RIGHTS_WRITE_ACCESS	| \
362		SA_RIGHT_DOMAIN_SET_INFO_3	| \
363		SA_RIGHT_DOMAIN_CREATE_ALIAS	| \
364		SA_RIGHT_DOMAIN_CREATE_GROUP	| \
365		SA_RIGHT_DOMAIN_CREATE_USER	| \
366		SA_RIGHT_DOMAIN_SET_INFO_2	| \
367		SA_RIGHT_DOMAIN_SET_INFO_1)
368
369#define GENERIC_RIGHTS_DOMAIN_EXECUTE \
370		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
371		SA_RIGHT_DOMAIN_OPEN_ACCOUNT	| \
372		SA_RIGHT_DOMAIN_ENUM_ACCOUNTS	| \
373		SA_RIGHT_DOMAIN_LOOKUP_INFO_1)
374
375
376/* User Object specific access rights */
377
378#define SA_RIGHT_USER_GET_NAME_ETC	0x00000001
379#define SA_RIGHT_USER_GET_LOCALE	0x00000002
380#define SA_RIGHT_USER_SET_LOC_COM	0x00000004
381#define SA_RIGHT_USER_GET_LOGONINFO	0x00000008
382#define SA_RIGHT_USER_ACCT_FLAGS_EXPIRY	0x00000010
383#define SA_RIGHT_USER_SET_ATTRIBUTES	0x00000020
384#define SA_RIGHT_USER_CHANGE_PASSWORD	0x00000040
385#define SA_RIGHT_USER_SET_PASSWORD	0x00000080
386#define SA_RIGHT_USER_GET_GROUPS	0x00000100
387#define SA_RIGHT_USER_READ_GROUP_MEM	0x00000200
388#define SA_RIGHT_USER_CHANGE_GROUP_MEM	0x00000400
389
390#define SA_RIGHT_USER_ALL_ACCESS	0x000007FF
391
392#define GENERIC_RIGHTS_USER_ALL_ACCESS \
393		(STANDARD_RIGHTS_REQUIRED_ACCESS| \
394		SA_RIGHT_USER_ALL_ACCESS)	/* 0x000f07ff */
395
396#define GENERIC_RIGHTS_USER_READ \
397		(STANDARD_RIGHTS_READ_ACCESS	| \
398		SA_RIGHT_USER_READ_GROUP_MEM	| \
399		SA_RIGHT_USER_GET_GROUPS	| \
400		SA_RIGHT_USER_ACCT_FLAGS_EXPIRY	| \
401		SA_RIGHT_USER_GET_LOGONINFO	| \
402		SA_RIGHT_USER_GET_LOCALE)	/* 0x0002031a */
403
404#define GENERIC_RIGHTS_USER_WRITE \
405		(STANDARD_RIGHTS_WRITE_ACCESS	| \
406		SA_RIGHT_USER_CHANGE_PASSWORD	| \
407		SA_RIGHT_USER_SET_LOC_COM	| \
408		SA_RIGHT_USER_SET_ATTRIBUTES	| \
409		SA_RIGHT_USER_SET_PASSWORD	| \
410		SA_RIGHT_USER_CHANGE_GROUP_MEM)	/* 0x000204e4 */
411
412#define GENERIC_RIGHTS_USER_EXECUTE \
413		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
414		SA_RIGHT_USER_CHANGE_PASSWORD	| \
415		SA_RIGHT_USER_GET_NAME_ETC )	/* 0x00020041 */
416
417
418/* Group Object specific access rights */
419
420#define SA_RIGHT_GROUP_LOOKUP_INFO	0x00000001
421#define SA_RIGHT_GROUP_SET_INFO		0x00000002
422#define SA_RIGHT_GROUP_ADD_MEMBER	0x00000004
423#define SA_RIGHT_GROUP_REMOVE_MEMBER	0x00000008
424#define SA_RIGHT_GROUP_GET_MEMBERS	0x00000010
425
426#define SA_RIGHT_GROUP_ALL_ACCESS	0x0000001F
427
428#define GENERIC_RIGHTS_GROUP_ALL_ACCESS \
429		(STANDARD_RIGHTS_REQUIRED_ACCESS| \
430		SA_RIGHT_GROUP_ALL_ACCESS)	/* 0x000f001f */
431
432#define GENERIC_RIGHTS_GROUP_READ \
433		(STANDARD_RIGHTS_READ_ACCESS	| \
434		SA_RIGHT_GROUP_GET_MEMBERS)	/* 0x00020010 */
435
436#define GENERIC_RIGHTS_GROUP_WRITE \
437		(STANDARD_RIGHTS_WRITE_ACCESS	| \
438		SA_RIGHT_GROUP_REMOVE_MEMBER	| \
439		SA_RIGHT_GROUP_ADD_MEMBER	| \
440		SA_RIGHT_GROUP_SET_INFO )	/* 0x0002000e */
441
442#define GENERIC_RIGHTS_GROUP_EXECUTE \
443		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
444		SA_RIGHT_GROUP_LOOKUP_INFO)	/* 0x00020001 */
445
446
447/* Alias Object specific access rights */
448
449#define SA_RIGHT_ALIAS_ADD_MEMBER	0x00000001
450#define SA_RIGHT_ALIAS_REMOVE_MEMBER	0x00000002
451#define SA_RIGHT_ALIAS_GET_MEMBERS	0x00000004
452#define SA_RIGHT_ALIAS_LOOKUP_INFO	0x00000008
453#define SA_RIGHT_ALIAS_SET_INFO		0x00000010
454
455#define SA_RIGHT_ALIAS_ALL_ACCESS 	0x0000001F
456
457#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS \
458		(STANDARD_RIGHTS_REQUIRED_ACCESS| \
459		SA_RIGHT_ALIAS_ALL_ACCESS)	/* 0x000f001f */
460
461#define GENERIC_RIGHTS_ALIAS_READ \
462		(STANDARD_RIGHTS_READ_ACCESS	| \
463		SA_RIGHT_ALIAS_GET_MEMBERS )	/* 0x00020004 */
464
465#define GENERIC_RIGHTS_ALIAS_WRITE \
466		(STANDARD_RIGHTS_WRITE_ACCESS	| \
467		SA_RIGHT_ALIAS_REMOVE_MEMBER	| \
468		SA_RIGHT_ALIAS_ADD_MEMBER	| \
469		SA_RIGHT_ALIAS_SET_INFO )	/* 0x00020013 */
470
471#define GENERIC_RIGHTS_ALIAS_EXECUTE \
472		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
473		SA_RIGHT_ALIAS_LOOKUP_INFO )	/* 0x00020008 */
474
475#endif /* _RPC_SECDES_H */
476