Merge branch 'master' of ssh://git.samba.org/data/git/samba into arc4

17 files changed, 276 insertions, 42 deletions

diff --git a/source3/lib/async_sock.c b/source3/lib/async_sock.c
index 1a4c27ba20..ffba6de832 100644
--- a/source3/lib/async_sock.c
+++ b/source3/lib/async_sock.c
@@ -658,12 +658,13 @@ struct async_req *async_connect(TALLOC_CTX *mem_ctx, struct event_context *ev,
 
 	state->fde = event_add_fd(ev, state, fd,
 				  EVENT_FD_READ | EVENT_FD_WRITE,
-				  async_connect_callback, state);
+				  async_connect_callback, result);
 	if (state->fde == NULL) {
 		sys_fcntl_long(fd, F_SETFL, p->old_sockflags);
 		TALLOC_FREE(result);
 		return NULL;
 	}
+	result->private_data = state;
 
 	state->param.param_connect.fd = fd;
 	state->param.param_connect.address = address;
diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c
index 1ae23bcf82..5075476e94 100644
--- a/source3/lib/ctdbd_conn.c
+++ b/source3/lib/ctdbd_conn.c
@@ -260,7 +260,7 @@ static struct messaging_rec *ctdb_pull_messaging_rec(TALLOC_CTX *mem_ctx,
 	blob = data_blob_const(msg->data, msg->datalen);
 
 	ndr_err = ndr_pull_struct_blob(
-		&blob, result, result,
+		&blob, result, NULL, result,
 		(ndr_pull_flags_fn_t)ndr_pull_messaging_rec);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -636,7 +636,7 @@ NTSTATUS ctdbd_messaging_send(struct ctdbd_connection *conn,
 	}
 
 	ndr_err = ndr_push_struct_blob(
-		&blob, mem_ctx, msg,
+		&blob, mem_ctx, NULL, msg,
 		(ndr_push_flags_fn_t)ndr_push_messaging_rec);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
diff --git a/source3/lib/dbwrap_ctdb.c b/source3/lib/dbwrap_ctdb.c
index 63a5ce4de6..2818634b14 100644
--- a/source3/lib/dbwrap_ctdb.c
+++ b/source3/lib/dbwrap_ctdb.c
@@ -405,8 +405,9 @@ static struct db_record *db_ctdb_fetch_locked_transaction(struct db_ctdb_ctx *ct
 	return result;
 }
 
-static int db_ctdb_record_destructor(struct db_record *rec)
+static int db_ctdb_record_destructor(struct db_record **recp)
 {
+	struct db_record *rec = talloc_get_type_abort(*recp, struct db_record);
 	struct db_ctdb_transaction_handle *h = talloc_get_type_abort(
 		rec->private_data, struct db_ctdb_transaction_handle);
 	int ret = h->ctx->db->transaction_commit(h->ctx->db);
@@ -424,7 +425,7 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx
 							 TDB_DATA key)
 {
 	int res;
-	struct db_record *rec;
+	struct db_record *rec, **recp;
 
 	res = db_ctdb_transaction_start(ctx->db);
 	if (res == -1) {
@@ -438,7 +439,14 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx
 	}
 
 	/* destroy this transaction when we release the lock */
-	talloc_set_destructor((struct db_record *)talloc_new(rec), db_ctdb_record_destructor);
+	recp = talloc(rec, struct db_record *);
+	if (recp == NULL) {
+		ctx->db->transaction_cancel(ctx->db);
+		talloc_free(rec);
+		return NULL;
+	}
+	*recp = rec;
+	talloc_set_destructor(recp, db_ctdb_record_destructor);
 	return rec;
 }
 
diff --git a/source3/lib/debug.c b/source3/lib/debug.c
index d835ea7c17..d91b55dd23 100644
--- a/source3/lib/debug.c
+++ b/source3/lib/debug.c
@@ -578,7 +578,9 @@ void setup_logging(const char *pname, bool interactive)
 	stdout_logging = False;
 	if (dbf) {
 		x_fflush(dbf);
-		(void) x_fclose(dbf);
+                if (dbf != x_stdout) {
+                        (void) x_fclose(dbf);
+                }
 	}
 
 	dbf = NULL;
diff --git a/source3/lib/display_sec.c b/source3/lib/display_sec.c
index 67392e4568..5427a8173e 100644
--- a/source3/lib/display_sec.c
+++ b/source3/lib/display_sec.c
@@ -118,7 +118,7 @@ char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type)
 /****************************************************************************
  display sec_access structure
  ****************************************************************************/
-void display_sec_access(SEC_ACCESS *info)
+void display_sec_access(uint32_t *info)
 {
 	char *mask_str = get_sec_mask_str(NULL, *info);
 	printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : "");
diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c
index dbe886e3d1..5c624bdebf 100644
--- a/source3/lib/dummysmbd.c
+++ b/source3/lib/dummysmbd.c
@@ -51,3 +51,18 @@ NTSTATUS can_delete_directory(struct connection_struct *conn,
 {
 	return NT_STATUS_OK;
 }
+
+bool change_to_root_user(void)
+{
+	return false;
+}
+
+struct event_context *smbd_event_context(void)
+{
+	return NULL;
+}
+
+struct messaging_context *smbd_messaging_context(void)
+{
+	return NULL;
+}
diff --git a/source3/lib/errmap_unix.c b/source3/lib/errmap_unix.c
index 2cd2386c5c..9adb237096 100644
--- a/source3/lib/errmap_unix.c
+++ b/source3/lib/errmap_unix.c
@@ -128,3 +128,139 @@ NTSTATUS map_nt_error_from_unix(int unix_error)
 	/* Default return */
 	return NT_STATUS_ACCESS_DENIED;
 }
+
+/* Return a UNIX errno from a NT status code */
+static const struct {
+	NTSTATUS status;
+	int error;
+} nt_errno_map[] = {
+        {NT_STATUS_ACCESS_VIOLATION, EACCES},
+        {NT_STATUS_INVALID_HANDLE, EBADF},
+        {NT_STATUS_ACCESS_DENIED, EACCES},
+        {NT_STATUS_OBJECT_NAME_NOT_FOUND, ENOENT},
+        {NT_STATUS_OBJECT_PATH_NOT_FOUND, ENOENT},
+        {NT_STATUS_SHARING_VIOLATION, EBUSY},
+        {NT_STATUS_OBJECT_PATH_INVALID, ENOTDIR},
+        {NT_STATUS_OBJECT_NAME_COLLISION, EEXIST},
+        {NT_STATUS_PATH_NOT_COVERED, ENOENT},
+	{NT_STATUS_UNSUCCESSFUL, EINVAL},
+	{NT_STATUS_NOT_IMPLEMENTED, ENOSYS},
+	{NT_STATUS_IN_PAGE_ERROR, EFAULT}, 
+	{NT_STATUS_BAD_NETWORK_NAME, ENOENT},
+#ifdef EDQUOT
+	{NT_STATUS_PAGEFILE_QUOTA, EDQUOT},
+	{NT_STATUS_QUOTA_EXCEEDED, EDQUOT},
+	{NT_STATUS_REGISTRY_QUOTA_LIMIT, EDQUOT},
+	{NT_STATUS_LICENSE_QUOTA_EXCEEDED, EDQUOT},
+#endif
+#ifdef ETIME
+	{NT_STATUS_TIMER_NOT_CANCELED, ETIME},
+#endif
+	{NT_STATUS_INVALID_PARAMETER, EINVAL},
+	{NT_STATUS_NO_SUCH_DEVICE, ENODEV},
+	{NT_STATUS_NO_SUCH_FILE, ENOENT},
+#ifdef ENODATA
+	{NT_STATUS_END_OF_FILE, ENODATA}, 
+#endif
+#ifdef ENOMEDIUM
+	{NT_STATUS_NO_MEDIA_IN_DEVICE, ENOMEDIUM}, 
+	{NT_STATUS_NO_MEDIA, ENOMEDIUM},
+#endif
+	{NT_STATUS_NONEXISTENT_SECTOR, ESPIPE}, 
+        {NT_STATUS_NO_MEMORY, ENOMEM},
+	{NT_STATUS_CONFLICTING_ADDRESSES, EADDRINUSE},
+	{NT_STATUS_NOT_MAPPED_VIEW, EINVAL},
+	{NT_STATUS_UNABLE_TO_FREE_VM, EADDRINUSE},
+	{NT_STATUS_ACCESS_DENIED, EACCES}, 
+	{NT_STATUS_BUFFER_TOO_SMALL, ENOBUFS},
+	{NT_STATUS_WRONG_PASSWORD, EACCES},
+	{NT_STATUS_LOGON_FAILURE, EACCES},
+	{NT_STATUS_INVALID_WORKSTATION, EACCES},
+	{NT_STATUS_INVALID_LOGON_HOURS, EACCES},
+	{NT_STATUS_PASSWORD_EXPIRED, EACCES},
+	{NT_STATUS_ACCOUNT_DISABLED, EACCES},
+	{NT_STATUS_DISK_FULL, ENOSPC},
+	{NT_STATUS_INVALID_PIPE_STATE, EPIPE},
+	{NT_STATUS_PIPE_BUSY, EPIPE},
+	{NT_STATUS_PIPE_DISCONNECTED, EPIPE},
+	{NT_STATUS_PIPE_NOT_AVAILABLE, ENOSYS},
+	{NT_STATUS_FILE_IS_A_DIRECTORY, EISDIR},
+	{NT_STATUS_NOT_SUPPORTED, ENOSYS},
+	{NT_STATUS_NOT_A_DIRECTORY, ENOTDIR},
+	{NT_STATUS_DIRECTORY_NOT_EMPTY, ENOTEMPTY},
+	{NT_STATUS_NETWORK_UNREACHABLE, ENETUNREACH},
+	{NT_STATUS_HOST_UNREACHABLE, EHOSTUNREACH},
+	{NT_STATUS_CONNECTION_ABORTED, ECONNABORTED},
+	{NT_STATUS_CONNECTION_REFUSED, ECONNREFUSED},
+	{NT_STATUS_TOO_MANY_LINKS, EMLINK},
+	{NT_STATUS_NETWORK_BUSY, EBUSY},
+	{NT_STATUS_DEVICE_DOES_NOT_EXIST, ENODEV},
+#ifdef ELIBACC
+	{NT_STATUS_DLL_NOT_FOUND, ELIBACC},
+#endif
+	{NT_STATUS_PIPE_BROKEN, EPIPE},
+	{NT_STATUS_REMOTE_NOT_LISTENING, ECONNREFUSED},
+	{NT_STATUS_NETWORK_ACCESS_DENIED, EACCES},
+	{NT_STATUS_TOO_MANY_OPENED_FILES, EMFILE},
+#ifdef EPROTO
+	{NT_STATUS_DEVICE_PROTOCOL_ERROR, EPROTO},
+#endif
+	{NT_STATUS_FLOAT_OVERFLOW, ERANGE},
+	{NT_STATUS_FLOAT_UNDERFLOW, ERANGE},
+	{NT_STATUS_INTEGER_OVERFLOW, ERANGE},
+	{NT_STATUS_MEDIA_WRITE_PROTECTED, EROFS},
+	{NT_STATUS_PIPE_CONNECTED, EISCONN},
+	{NT_STATUS_MEMORY_NOT_ALLOCATED, EFAULT},
+	{NT_STATUS_FLOAT_INEXACT_RESULT, ERANGE},
+	{NT_STATUS_ILL_FORMED_PASSWORD, EACCES},
+	{NT_STATUS_PASSWORD_RESTRICTION, EACCES},
+	{NT_STATUS_ACCOUNT_RESTRICTION, EACCES},
+	{NT_STATUS_PORT_CONNECTION_REFUSED, ECONNREFUSED},
+	{NT_STATUS_NAME_TOO_LONG, ENAMETOOLONG},
+	{NT_STATUS_REMOTE_DISCONNECT, ESHUTDOWN},
+	{NT_STATUS_CONNECTION_DISCONNECTED, ECONNABORTED},
+	{NT_STATUS_CONNECTION_RESET, ENETRESET},
+#ifdef ENOTUNIQ
+	{NT_STATUS_IP_ADDRESS_CONFLICT1, ENOTUNIQ},
+	{NT_STATUS_IP_ADDRESS_CONFLICT2, ENOTUNIQ},
+#endif
+	{NT_STATUS_PORT_MESSAGE_TOO_LONG, EMSGSIZE},
+	{NT_STATUS_PROTOCOL_UNREACHABLE, ENOPROTOOPT},
+	{NT_STATUS_ADDRESS_ALREADY_EXISTS, EADDRINUSE},
+	{NT_STATUS_PORT_UNREACHABLE, EHOSTUNREACH},
+	{NT_STATUS_IO_TIMEOUT, ETIMEDOUT},
+	{NT_STATUS_RETRY, EAGAIN},
+#ifdef ENOTUNIQ
+	{NT_STATUS_DUPLICATE_NAME, ENOTUNIQ},
+#endif
+#ifdef ECOMM
+	{NT_STATUS_NET_WRITE_FAULT, ECOMM},
+#endif
+#ifdef EXDEV
+	{NT_STATUS_NOT_SAME_DEVICE, EXDEV},
+#endif
+	{NT_STATUS(0), 0}
+};
+
+int map_errno_from_nt_status(NTSTATUS status)
+{
+	int i;
+	DEBUG(10,("map_errno_from_nt_status: 32 bit codes: code=%08x\n",
+		NT_STATUS_V(status)));
+
+	/* Status codes without this bit set are not errors */
+
+	if (!(NT_STATUS_V(status) & 0xc0000000)) {
+		return 0;
+	}
+
+	for (i=0;nt_errno_map[i].error;i++) {
+		if (NT_STATUS_V(nt_errno_map[i].status) ==
+			    NT_STATUS_V(status)) {
+			return nt_errno_map[i].error;
+		}
+	}
+
+	/* for all other cases - a default code */
+	return EINVAL;
+}
diff --git a/source3/lib/ldb/common/ldb.c b/source3/lib/ldb/common/ldb.c
index 743711b967..c8aa6afdfc 100644
--- a/source3/lib/ldb/common/ldb.c
+++ b/source3/lib/ldb/common/ldb.c
@@ -787,6 +787,7 @@ int ldb_search(struct ldb_context *ldb,
 done:
 	if (ret != LDB_SUCCESS) {
 		talloc_free(res);
+		res = NULL;
 	}
 
 	*_res = res;
diff --git a/source3/lib/netapi/file.c b/source3/lib/netapi/file.c
index 036af32f38..0d66be0eb1 100644
--- a/source3/lib/netapi/file.c
+++ b/source3/lib/netapi/file.c
@@ -47,7 +47,8 @@ WERROR NetFileClose_r(struct libnetapi_ctx *ctx,
 					    r->in.server_name,
 					    r->in.fileid,
 					    &werr);
-	if (!W_ERROR_IS_OK(werr)) {
+	if (!NT_STATUS_IS_OK(status)) {
+		werr = ntstatus_to_werror(status);
 		goto done;
 	}
 
diff --git a/source3/lib/netapi/getdc.c b/source3/lib/netapi/getdc.c
index 07a6544af1..76c0d0be2a 100644
--- a/source3/lib/netapi/getdc.c
+++ b/source3/lib/netapi/getdc.c
@@ -58,6 +58,10 @@ WERROR NetGetDCName_r(struct libnetapi_ctx *ctx,
 				       r->in.domain_name,
 				       (const char **)r->out.buffer,
 				       &werr);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		werr = ntstatus_to_werror(status);
+	}
  done:
 
 	return werr;
diff --git a/source3/lib/netapi/share.c b/source3/lib/netapi/share.c
index 1d0e1810f1..e6aed36064 100644
--- a/source3/lib/netapi/share.c
+++ b/source3/lib/netapi/share.c
@@ -271,7 +271,8 @@ WERROR NetShareDel_r(struct libnetapi_ctx *ctx,
 					   r->in.net_name,
 					   r->in.reserved,
 					   &werr);
-	if (!W_ERROR_IS_OK(werr)) {
+	if (!NT_STATUS_IS_OK(status)) {
+		werr = ntstatus_to_werror(status);
 		goto done;
 	}
 
diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
index 7d0c47f331..fcb87b77be 100644
--- a/source3/lib/netapi/user.c
+++ b/source3/lib/netapi/user.c
@@ -108,18 +108,18 @@ static void convert_USER_INFO_X_to_samr_user_info21(struct USER_INFO_X *infoX,
 			      infoX->usriX_workstations,
 			      infoX->usriX_usr_comment,
 			      &zero_parameters,
-			      0,
+			      infoX->usriX_user_id,
 			      infoX->usriX_primary_group_id,
 			      infoX->usriX_flags,
 			      fields_present,
 			      zero_logon_hours,
-			      0,
-			      0,
+			      infoX->usriX_bad_pw_count,
+			      infoX->usriX_num_logons,
 			      infoX->usriX_country_code,
+			      infoX->usriX_code_page,
 			      0,
 			      0,
-			      0,
-			      0);
+			      infoX->usriX_password_expired);
 }
 
 /****************************************************************
@@ -132,6 +132,7 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level,
 	struct USER_INFO_0 *u0 = NULL;
 	struct USER_INFO_1 *u1 = NULL;
 	struct USER_INFO_2 *u2 = NULL;
+	struct USER_INFO_3 *u3 = NULL;
 	struct USER_INFO_1003 *u1003 = NULL;
 	struct USER_INFO_1006 *u1006 = NULL;
 	struct USER_INFO_1007 *u1007 = NULL;
@@ -193,6 +194,37 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level,
 			uX->usriX_country_code	= u2->usri2_country_code;
 			uX->usriX_code_page	= u2->usri2_code_page;
 			break;
+		case 3:
+			u3 = (struct USER_INFO_3 *)buffer;
+			uX->usriX_name		= u3->usri3_name;
+			uX->usriX_password_age	= u3->usri3_password_age;
+			uX->usriX_priv		= u3->usri3_priv;
+			uX->usriX_home_dir	= u3->usri3_home_dir;
+			uX->usriX_comment	= u3->usri3_comment;
+			uX->usriX_flags		= u3->usri3_flags;
+			uX->usriX_script_path	= u3->usri3_script_path;
+			uX->usriX_auth_flags	= u3->usri3_auth_flags;
+			uX->usriX_full_name	= u3->usri3_full_name;
+			uX->usriX_usr_comment	= u3->usri3_usr_comment;
+			uX->usriX_parms		= u3->usri3_parms;
+			uX->usriX_workstations	= u3->usri3_workstations;
+			uX->usriX_last_logon	= u3->usri3_last_logon;
+			uX->usriX_last_logoff	= u3->usri3_last_logoff;
+			uX->usriX_acct_expires	= u3->usri3_acct_expires;
+			uX->usriX_max_storage	= u3->usri3_max_storage;
+			uX->usriX_units_per_week= u3->usri3_units_per_week;
+			uX->usriX_logon_hours	= u3->usri3_logon_hours;
+			uX->usriX_bad_pw_count	= u3->usri3_bad_pw_count;
+			uX->usriX_num_logons	= u3->usri3_num_logons;
+			uX->usriX_logon_server	= u3->usri3_logon_server;
+			uX->usriX_country_code	= u3->usri3_country_code;
+			uX->usriX_code_page	= u3->usri3_code_page;
+			uX->usriX_user_id	= u3->usri3_user_id;
+			uX->usriX_primary_group_id = u3->usri3_primary_group_id;
+			uX->usriX_profile	= u3->usri3_profile;
+			uX->usriX_home_dir_drive = u3->usri3_home_dir_drive;
+			uX->usriX_password_expired = u3->usri3_password_expired;
+			break;
 		case 1003:
 			u1003 = (struct USER_INFO_1003 *)buffer;
 			uX->usriX_password	= u1003->usri1003_password;
@@ -237,7 +269,6 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level,
 			u1053 = (struct USER_INFO_1053 *)buffer;
 			uX->usriX_home_dir_drive = u1053->usri1053_home_dir_drive;
 			break;
-		case 3:
 		case 4:
 		default:
 			return NT_STATUS_INVALID_INFO_CLASS;
@@ -1753,9 +1784,17 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
 			user_mask = SAMR_USER_ACCESS_SET_ATTRIBUTES |
 				    SAMR_USER_ACCESS_GET_GROUPS;
 			break;
+		case 3:
+			user_mask = STD_RIGHT_READ_CONTROL_ACCESS |
+				    STD_RIGHT_WRITE_DAC_ACCESS |
+				    SAMR_USER_ACCESS_GET_GROUPS |
+				    SAMR_USER_ACCESS_SET_PASSWORD |
+				    SAMR_USER_ACCESS_SET_ATTRIBUTES |
+				    SAMR_USER_ACCESS_GET_ATTRIBUTES |
+				    SAMR_USER_ACCESS_SET_LOC_COM;
+			break;
 		case 1:
 		case 2:
-		case 3:
 		case 4:
 		case 21:
 		case 22:
diff --git a/source3/lib/readline.c b/source3/lib/readline.c
index 254f55c86a..cafb5a9f62 100644
--- a/source3/lib/readline.c
+++ b/source3/lib/readline.c
@@ -45,6 +45,24 @@
 #  define RL_COMPLETION_CAST
 #endif /* HAVE_NEW_LIBREADLINE */
 
+static bool smb_rl_done;
+
+#if HAVE_LIBREADLINE
+/*
+ * MacOS/X does not have rl_done in readline.h, but
+ * readline.so has it
+ */
+extern int rl_done;
+#endif
+
+void smb_readline_done(void)
+{
+	smb_rl_done = true;
+#if HAVE_LIBREADLINE
+	rl_done = 1;
+#endif
+}
+
 /****************************************************************************
  Display the prompt and wait for input. Call callback() regularly
 ****************************************************************************/
@@ -69,7 +87,7 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void)
 		return NULL;
 	}
 
-	while (1) {
+	while (!smb_rl_done) {
 		timeout.tv_sec = 5;
 		timeout.tv_usec = 0;
 
@@ -87,6 +105,7 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void)
 			callback();
 		}
 	}
+	return NULL;
 }
 
 /****************************************************************************
diff --git a/source3/lib/secace.c b/source3/lib/secace.c
index 8760a6109a..9f5a0c02ba 100644
--- a/source3/lib/secace.c
+++ b/source3/lib/secace.c
@@ -55,7 +55,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src)
 ********************************************************************/
 
 void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type,
-		  uint32 mask, uint8 flag)
+		  uint32_t mask, uint8 flag)
 {
 	t->type = type;
 	t->flags = flag;
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index 4965200bc1..52ff067d6a 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -512,7 +512,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
 		if (!inherit)
 			continue;
 
-		init_sec_access(&new_ace->access_mask, ace->access_mask);
+		new_ace->access_mask = ace->access_mask;
 		init_sec_ace(new_ace, &ace->trustee, ace->type,
 			     new_ace->access_mask, new_flags);
 
@@ -546,14 +546,3 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
 
 	return sdb;
 }
-
-/*******************************************************************
- Sets up a SEC_ACCESS structure.
-********************************************************************/
-
-void init_sec_access(uint32 *t, uint32 mask)
-{
-	*t = mask;
-}
-
-
diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c
index 33f66ca47f..298655e181 100644
--- a/source3/lib/sharesec.c
+++ b/source3/lib/sharesec.c
@@ -124,7 +124,7 @@ static bool share_info_db_init(void)
 
 SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access)
 {
-	SEC_ACCESS sa;
+	uint32_t sa;
 	SEC_ACE ace;
 	SEC_ACL *psa = NULL;
 	SEC_DESC *psd = NULL;
@@ -132,7 +132,7 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def
 
 	se_map_generic(&spec_access, &file_generic_mapping);
 
-	init_sec_access(&sa, def_access | spec_access );
+	sa = (def_access | spec_access );
 	init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
 
 	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
@@ -332,7 +332,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
 	}
 
 	for (i = 0; i < num_aces; i++) {
-		SEC_ACCESS sa;
+		uint32_t sa;
 		uint32 g_access;
 		uint32 s_access;
 		DOM_SID sid;
@@ -380,7 +380,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
 		pacl++; /* Go past any ',' */
 
 		se_map_generic(&s_access, &file_generic_mapping);
-		init_sec_access(&sa, g_access | s_access );
+		sa = (g_access | s_access);
 		init_sec_ace(&ace_list[i], &sid, type, sa, 0);
 	}
 
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 87e70bb95b..7e461556b3 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -30,7 +30,7 @@ extern NT_USER_TOKEN anonymous_token;
 static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired, 
 			NTSTATUS *status)
 {
-	uint32 mask = ace->access_mask;
+	uint32_t mask = ace->access_mask;
 
 	/*
 	 * Inherit only is ignored.
@@ -176,6 +176,24 @@ void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping)
 	}
 }
 
+/* Map generic access rights to object specific rights for all the ACE's
+ * in a security_acl.
+ */
+
+void security_acl_map_generic(struct security_acl *sa,
+				const struct generic_mapping *mapping)
+{
+	unsigned int i;
+
+	if (!sa) {
+		return;
+	}
+
+	for (i = 0; i < sa->num_aces; i++) {
+		se_map_generic(&sa->aces[i].access_mask, mapping);
+	}
+}
+
 /* Map standard access rights to object specific rights.  This technique is
    used to give meaning to assigning read, write, execute and all access to
    objects.  Each type of object has its own mapping of standard to object
@@ -328,7 +346,6 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
 	DOM_SID act_sid;
 
 	SEC_ACE ace[3];
-	SEC_ACCESS mask;
 
 	SEC_ACL *psa = NULL;
 
@@ -339,13 +356,14 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
 	sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
 
 	/*basic access for every one*/
-	init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ);
-	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+		GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0);
 
 	/*full access for builtin aliases Administrators and Account Operators*/
-	init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS);
-	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-	init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[1], &adm_sid,
+		SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
+	init_sec_ace(&ace[2], &act_sid,
+		SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
 
 	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
 		return NT_STATUS_NO_MEMORY;