4 files changed, 88 insertions, 14 deletions

diff --git a/source3/include/includes.h b/source3/include/includes.h
index 66ff4fa9f0..45c7133f1e 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -814,6 +814,8 @@ extern int errno;
 
 #include "version.h"
 
+#include "privileges.h"
+
 #include "smb.h"
 
 #include "nameserv.h"
diff --git a/source3/include/privileges.h b/source3/include/privileges.h
index b7e1b44c2a..cdf62b7f85 100644
--- a/source3/include/privileges.h
+++ b/source3/include/privileges.h
@@ -4,6 +4,8 @@
    Copyright (C) Andrew Tridgell 1992-1997
    Copyright (C) Luke Kenneth Casson Leighton 1996-1997
    Copyright (C) Paul Ashton 1997
+   Copyright (C) Simo Sorce 2003
+   Copyright (C) Gerald (Jerry) Carter 2004
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -23,22 +25,73 @@
 #ifndef PRIVILEGES_H
 #define PRIVILEGES_H
 
-#define PRIV_ALL_INDEX		5
+/* common privilege defines */
 
-#define SE_PRIV_NONE		0x0000
-#define SE_PRIV_ADD_MACHINES	0x0006
-#define SE_PRIV_SEC_PRIV	0x0008
-#define SE_PRIV_TAKE_OWNER	0x0009
-#define SE_PRIV_ADD_USERS	0xff01
-#define SE_PRIV_PRINT_OPERATOR	0xff03
-#define SE_PRIV_ALL		0xffff
+#define SE_END				0x00000000
+#define SE_NONE				0x00000000
+#define SE_ALL_PRIVS                    0xFFFFFFFF
 
+
+/* 
+ * We will use our own set of privileges since it makes no sense
+ * to implement all of the Windows set when only a portion will
+ * be used. 
+ */
+
+#define SE_NETWORK_LOGON		0x00000001
+#define SE_INTERACTIVE_LOGON		0x00000002
+#define SE_BATCH_LOGON			0x00000004
+#define SE_SERVICE_LOGON		0x00000008
+#define SE_MACHINE_ACCOUNT		0x00000010
+#define SE_PRINT_OPERATOR		0x00000020
+#define SE_ADD_USERS			0x00000040
+
+#if 0	/* not needed currently */
+
+#define SE_ASSIGN_PRIMARY_TOKEN	
+#define SE_CREATE_TOKEN		
+#define SE_LOCK_MEMORY		
+#define SE_INCREASE_QUOTA	
+#define SE_UNSOLICITED_INPUT
+#define SE_TCB	
+#define SE_SECURITY	
+#define SE_TAKE_OWNERSHIP
+#define SE_LOAD_DRIVER	
+#define SE_SYSTEM_PROFILE	
+#define SE_SYSTEM_TIME	
+#define SE_PROF_SINGLE_PROCESS	
+#define SE_INC_BASE_PRIORITY
+#define SE_CREATE_PAGEFILE
+#define SE_CREATE_PERMANENT	
+#define SE_BACKUP
+#define SE_RESTORE
+#define SE_SHUTDOWN	
+#define SE_DEBUG
+#define SE_AUDIT	
+#define SE_SYSTEM_ENVIRONMENT	
+#define SE_CHANGE_NOTIFY
+#define SE_REMOTE_SHUTDOWN
+#define SE_UNDOCK
+#define SE_SYNC_AGENT	
+#define SE_ENABLE_DELEGATION
+
+#endif	/* not needed currently */
+
+/*
+ * These are used in Lsa replies (srv_lsa_nt.c)
+ */
 #define PR_NONE                0x0000
 #define PR_LOG_ON_LOCALLY      0x0001
 #define PR_ACCESS_FROM_NETWORK 0x0002
 #define PR_LOG_ON_BATCH_JOB    0x0004
 #define PR_LOG_ON_SERVICE      0x0010
 
+
+#ifndef _BOOL
+typedef int BOOL;
+#define _BOOL       /* So we don't typedef BOOL again in vfs.h */
+#endif
+
 typedef struct LUID
 {
 	uint32 low;
@@ -49,7 +102,7 @@ typedef struct LUID_ATTR
 {
 	LUID luid;
 	uint32 attr;
-} LUID_ATTR ;
+} LUID_ATTR;
 
 typedef struct privilege_set
 {
@@ -62,9 +115,8 @@ typedef struct privilege_set
 
 typedef struct _PRIVS {
 	uint32 se_priv;
-	const char *priv;
+	const char *name;
 	const char *description;
 } PRIVS;
 
-
 #endif /* PRIVILEGES_H */
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index 43ffa37d59..a2bc72d2b2 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -635,6 +635,20 @@ typedef struct lsa_r_unk_get_connuser
 } LSA_R_UNK_GET_CONNUSER;
 
 
+typedef struct lsa_q_createaccount
+{
+	POLICY_HND pol; /* policy handle */
+	DOM_SID2 sid;
+	uint32 access; /* access */
+} LSA_Q_CREATEACCOUNT;
+
+typedef struct lsa_r_createaccount
+{
+	POLICY_HND pol; /* policy handle */
+	NTSTATUS status;
+} LSA_R_CREATEACCOUNT;
+
+
 typedef struct lsa_q_openaccount
 {
 	POLICY_HND pol; /* policy handle */
@@ -657,7 +671,7 @@ typedef struct lsa_r_enumprivsaccount
 {
 	uint32 ptr;
 	uint32 count;
-	PRIVILEGE_SET *set;
+	PRIVILEGE_SET set;
 	NTSTATUS status;
 } LSA_R_ENUMPRIVSACCOUNT;
 
@@ -703,7 +717,7 @@ typedef struct lsa_q_addprivs
 {
 	POLICY_HND pol; /* policy handle */
 	uint32 count;
-	PRIVILEGE_SET *set;
+	PRIVILEGE_SET set;
 } LSA_Q_ADDPRIVS;
 
 typedef struct lsa_r_addprivs
@@ -718,7 +732,7 @@ typedef struct lsa_q_removeprivs
 	uint32 allrights;
 	uint32 ptr;
 	uint32 count;
-	PRIVILEGE_SET *set;
+	PRIVILEGE_SET set;
 } LSA_Q_REMOVEPRIVS;
 
 typedef struct lsa_r_removeprivs
diff --git a/source3/include/smb.h b/source3/include/smb.h
index d15f630507..1cf5aac0c5 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -281,6 +281,11 @@ typedef struct sid_info
 
 } DOM_SID;
 
+typedef struct sid_list {
+	uint32 count;
+	DOM_SID *list;
+} SID_LIST;
+
 /*
  * The complete list of SIDS belonging to this user.
  * Created when a vuid is registered.
@@ -297,6 +302,7 @@ typedef struct sid_info
 typedef struct _nt_user_token {
 	size_t num_sids;
 	DOM_SID *user_sids;
+	PRIVILEGE_SET privileges;
 } NT_USER_TOKEN;
 
 /*** query a local group, get a list of these: shows who is in that group ***/