added some explanations for epmapper IDL and dom_sid2

(This used to be commit 5962f1cffa9273cc06c8a3c4a112f3ce94b84dae)

2 files changed, 24 insertions, 1 deletions

diff --git a/source4/librpc/idl/epmapper.idl b/source4/librpc/idl/epmapper.idl
index c58ceb1fc0..d2e34e4c31 100644
--- a/source4/librpc/idl/epmapper.idl
+++ b/source4/librpc/idl/epmapper.idl
@@ -12,6 +12,14 @@
 interface epmapper
 {
 
+	/*
+	  note that the following IDL won't work in MIDL, and in fact
+	  that the full towers/floors representation of epm cannot be
+	  represented in MIDL at all. I decided to represent it using
+	  the extended IDL syntax in pidl to make it easier to work
+	  with.
+	*/
+
 	typedef struct {
 		GUID uuid;
 		uint16 version;
@@ -36,6 +44,11 @@ interface epmapper
 		[subcontext(2)] epm_rhs rhs;
 	} epm_floor;
 
+	/* not that the NDR_NOALIGN flag is inherited by all nested
+	   structures. All of the towers/floors stuff is
+	   non-aligned. I wonder what sort of wicked substance these
+	   guys were smoking? 
+	*/
 	typedef [flag(NDR_NOALIGN)] struct {
 		uint16 num_floors;
 		epm_floor floors[num_floors];
diff --git a/source4/librpc/ndr/ndr_sec.h b/source4/librpc/ndr/ndr_sec.h
index 27a1311adc..728d46535d 100644
--- a/source4/librpc/ndr/ndr_sec.h
+++ b/source4/librpc/ndr/ndr_sec.h
@@ -22,7 +22,17 @@
 */
 
 
-/* use the same structure for dom_sid2 as dom_sid */
+/* 
+ use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
+ just a dom sid, but with the sub_auths represented as a conformant
+ array. As with all in-structure conformant arrays, the array length
+ is placed before the start of the structure. That's what gives rise
+ to the extra num_auths elemenent. We don't want the Samba code to
+ have to bother with such esoteric NDR details, so its easier to just
+ define it as a dom_sid and use pidl magic to make it all work. It
+ just means you need to mark a sid as a "dom_sid2" in the IDL when you
+ know it is of the conformant array variety
+*/
 #define dom_sid2 dom_sid
 
 /* query security descriptor */