security descriptors.

kanji const char* warnings.
(This used to be commit 06abdfd68e1d7fa8741afc3f56ec7a13b5fa4ccc)

4 files changed, 44 insertions, 22 deletions

diff --git a/source3/include/proto.h b/source3/include/proto.h
index e7f48ce044..547458c07d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -306,6 +306,7 @@ BOOL sid_append_rid(DOM_SID *sid, uint32 rid);
 BOOL sid_split_rid(DOM_SID *sid, uint32 *rid);
 void sid_copy(DOM_SID *sid1, DOM_SID *sid2);
 BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2);
+int sid_size(DOM_SID *sid);
 
 /*The following definitions come from  lib/util_sock.c  */
 
@@ -1334,7 +1335,7 @@ BOOL do_reg_delete_val(struct cli_state *cli, POLICY_HND *hnd, char *val_name);
 BOOL do_reg_delete_key(struct cli_state *cli, POLICY_HND *hnd, char *key_name);
 BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
 				char *key_name, char *key_class,
-				SEC_INFO *sam_access,
+				SEC_ACCESS *sam_access,
 				POLICY_HND *key);
 BOOL do_reg_enum_key(struct cli_state *cli, POLICY_HND *hnd,
 				int key_index, char *key_name,
@@ -1644,7 +1645,7 @@ void reg_io_q_flush_key(char *desc,  REG_Q_FLUSH_KEY *r_q, prs_struct *ps, int d
 void reg_io_r_flush_key(char *desc,  REG_R_FLUSH_KEY *r_r, prs_struct *ps, int depth);
 void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
 				char *name, char *class,
-				SEC_INFO *sam_access);
+				SEC_ACCESS *sam_access);
 void reg_io_q_create_key(char *desc,  REG_Q_CREATE_KEY *r_q, prs_struct *ps, int depth);
 void reg_io_r_create_key(char *desc,  REG_R_CREATE_KEY *r_r, prs_struct *ps, int depth);
 void make_reg_q_delete_val(REG_Q_DELETE_VALUE *q_c, POLICY_HND *hnd,
@@ -1940,10 +1941,19 @@ void samr_io_r_chgpasswd_user(char *desc, SAMR_R_CHGPASSWD_USER *r_u, prs_struct
 
 /*The following definitions come from  rpc_parse/parse_sec.c  */
 
-void sec_io_info(char *desc, SEC_INFO *t, prs_struct *ps, int depth);
+void make_sec_access(SEC_ACCESS *t, uint32 mask);
+void sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth);
+void make_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag);
 void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth);
+void make_sec_acl(SEC_ACL *t, uint16 revision, int num_aces, SEC_ACE *ace);
+void free_sec_acl(SEC_ACL *t);
 void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth);
+int make_sec_desc(SEC_DESC *t, uint16 revision, uint16 type,
+				DOM_SID *owner_sid, DOM_SID *grp_sid,
+				SEC_ACL *sacl, SEC_ACL *dacl);
+void free_sec_desc(SEC_DESC *t);
 void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data);
+void free_sec_desc_buf(SEC_DESC_BUF *buf);
 void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth);
 
 /*The following definitions come from  rpc_parse/parse_srv.c  */
@@ -2199,8 +2209,8 @@ void display_group_rid_info(FILE *out_hnd, enum action_type action,
 void display_alias_name_info(FILE *out_hnd, enum action_type action,
 				uint32 num_aliases, fstring *alias_name, uint32 *num_als_usrs);
 void display_sam_user_info_21(FILE *out_hnd, enum action_type action, SAM_USER_INFO_21 *usr);
-char *get_sec_perms_str(uint32 type);
-void display_sec_info(FILE *out_hnd, enum action_type action, SEC_INFO *info);
+char *get_sec_mask_str(uint32 type);
+void display_sec_access(FILE *out_hnd, enum action_type action, SEC_ACCESS *info);
 void display_sec_ace(FILE *out_hnd, enum action_type action, SEC_ACE *ace);
 void display_sec_acl(FILE *out_hnd, enum action_type action, SEC_ACL *acl);
 void display_sec_desc(FILE *out_hnd, enum action_type action, SEC_DESC *sec);
diff --git a/source3/include/rpc_reg.h b/source3/include/rpc_reg.h
index 163dfd67fe..ceb88ad657 100644
--- a/source3/include/rpc_reg.h
+++ b/source3/include/rpc_reg.h
@@ -104,11 +104,11 @@ typedef struct q_reg_set_key_sec_info
 {
 	POLICY_HND pol;         /* policy handle */
 
-	uint32 unknown;       /* 0x0000 0004 */
+	uint32 sec_info;       /* xxxx_SECURITY_INFORMATION */
 
 	uint32 ptr;       /* pointer */
 	BUFHDR hdr_sec;    /* header for security data */
-	SEC_DESC_BUF data;    /* security data */
+	SEC_DESC_BUF *data;    /* security data */
 	
 } REG_Q_SET_KEY_SEC;
 
@@ -125,7 +125,7 @@ typedef struct q_reg_get_key_sec_info
 {
 	POLICY_HND pol;         /* policy handle */
 
-	uint32 unknown;       /* 0x0000 0007 */
+	uint32 sec_info;       /* xxxx_SECURITY_INFORMATION */
 
 	uint32 ptr;       /* pointer */
 	BUFHDR hdr_sec;    /* header for security data */
@@ -136,7 +136,7 @@ typedef struct q_reg_get_key_sec_info
 /* REG_R_GET_KEY_SEC */
 typedef struct r_reg_get_key_sec_info
 {
-	uint32 unknown;       /* 0x0000 0007 */
+	uint32 sec_info;       /* xxxx_SECURITY_INFORMATION */
 
 	uint32 ptr;       /* pointer */
 	BUFHDR hdr_sec;    /* header for security data */
@@ -225,7 +225,7 @@ typedef struct q_reg_create_key_info
 	UNISTR2 uni_class;
 
 	uint32 reserved; /* 0x0000 0000 */
-	SEC_INFO sam_access; /* access rights flags, see rpc_secdes.h */
+	SEC_ACCESS sam_access; /* access rights flags, see rpc_secdes.h */
 
 	uint32 ptr1;
 	uint32 unknown_0; /* 0x0000 000C */
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index b317ead5e1..5d5a1d0d84 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -60,24 +60,30 @@
 #define SEC_DESC_SACL_DEFAULTED		0x0020
 #define SEC_DESC_SELF_RELATIVE		0x8000
 
+/* security information */
 
+#define OWNER_SECURITY_INFORMATION 0x00000001
+#define GROUP_SECURITY_INFORMATION 0x00000002
+#define DACL_SECURITY_INFORMATION  0x00000004
+#define SACL_SECURITY_INFORMATION  0x00000008
 
 
-/* SEC_INFO */
+
+/* SEC_ACCESS */
 typedef struct security_info_info
 {
-	uint32 perms;
+	uint32 mask;
 
-} SEC_INFO;
+} SEC_ACCESS;
 
 /* SEC_ACE */
 typedef struct security_ace_info
 {
-	uint8 type;
-	uint8 flags;
+	uint8 type;  /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
+	uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
 	uint16 size;
 
-	SEC_INFO info;
+	SEC_ACCESS info;
 	DOM_SID sid;
 
 } SEC_ACE;
@@ -92,7 +98,7 @@ typedef struct security_acl_info
 	uint16 size; /* size in bytes of the entire ACL structure */
 	uint32 num_aces; /* number of Access Control Entries */
 
-	SEC_ACE ace[MAX_SEC_ACES];
+	SEC_ACE *ace;
 
 } SEC_ACL;
 
@@ -108,10 +114,10 @@ typedef struct security_descriptor_info
 	uint32 off_sacl     ; /* offset to system list of permissions */
 	uint32 off_dacl     ; /* offset to list of permissions */
 
-	SEC_ACL dacl; /* user ACL */
-	SEC_ACL sacl; /* system ACL */
-	DOM_SID owner_sid; 
-	DOM_SID grp_sid;
+	SEC_ACL *dacl; /* user ACL */
+	SEC_ACL *sacl; /* system ACL */
+	DOM_SID *owner_sid; 
+	DOM_SID *grp_sid;
 
 } SEC_DESC;
 
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 47a8869a48..4f064d27d1 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1655,7 +1655,13 @@ extern int unix_ERR_code;
 #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
 
 /* zero a structure given a pointer to the structure */
-#define ZERO_STRUCTP(x) memset((char *)(x), 0, sizeof(*(x)))
+#if 0
+#define ZERO_STRUCTP(x) { }
+#else
+#define ZERO_STRUCTP(x) { if (x != NULL) memset((char *)(x), 0, sizeof(*(x))); }
+#endif
+
+#define ZERO_STRUCTPN(x) { if (x != NULL) ZERO_STRUCTP(x); }
 
 /* zero an array - note that sizeof(array) must work - ie. it must not be a 
    pointer */