security.idl: add SMB_SUPPORTED_SECINFO_FLAGS

A SMB server should only care about specific SECINFO flags
and ignore others e.g. SECINFO_PROTECTED_DACL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 4f0e90069b364b9dd9a580f42392f4d39456e41c..d886b517160726fbf797f42055e439b1ec892114 100644 (file)
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -609,6 +609,24 @@ interface security
                SECINFO_PROTECTED_DACL       = 0x80000000
        } security_secinfo;
 
+       /*
+        * a SMB server should only support the following flags
+        * and ignore all others.
+        *
+        * See AdditionalInformation in [MS-SMB2] 2.2.37 SMB2 QUERY_INFO Request
+        * and 2.2.39 SMB2 SET_INFO Request.
+        */
+       const int SMB_SUPPORTED_SECINFO_FLAGS = (
+               SECINFO_OWNER           |
+               SECINFO_GROUP           |
+               SECINFO_DACL            |
+               SECINFO_SACL            |
+               SECINFO_LABEL           |
+               SECINFO_ATTRIBUTE       |
+               SECINFO_SCOPE           |
+               SECINFO_BACKUP          |
+               0);
+
        typedef [public,bitmap32bit] bitmap {
                KERB_ENCTYPE_DES_CBC_CRC             = 0x00000001,
                KERB_ENCTYPE_DES_CBC_MD5             = 0x00000002,