2 files changed, 73 insertions, 46 deletions

diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index be5b120c2e..8304530e08 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -22,30 +22,54 @@
 #ifndef _RPC_SECDES_H /* _RPC_SECDES_H */
 #define _RPC_SECDES_H 
 
-#define SEC_RIGHTS_QUERY_VALUE    0x00000001
-#define SEC_RIGHTS_SET_VALUE      0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY  0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS   0x00000008
-#define SEC_RIGHTS_NOTIFY         0x00000010
-#define SEC_RIGHTS_CREATE_LINK    0x00000020
-
-#define SEC_RIGHTS_READ           0x00020019
-#define SEC_RIGHTS_FULL_CONTROL   0x000f003f
-#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
-
-#define SEC_ACE_TYPE_ACCESS_ALLOWED	0x0
-#define SEC_ACE_TYPE_ACCESS_DENIED	0x1
-#define SEC_ACE_TYPE_SYSTEM_AUDIT	0x2
-#define SEC_ACE_TYPE_SYSTEM_ALARM	0x3
-
-#define SEC_ACE_FLAG_OBJECT_INHERIT	0x1
-#define SEC_ACE_FLAG_CONTAINER_INHERIT	0x2
+#define SEC_RIGHTS_QUERY_VALUE		0x00000001
+#define SEC_RIGHTS_SET_VALUE		0x00000002
+#define SEC_RIGHTS_CREATE_SUBKEY	0x00000004
+#define SEC_RIGHTS_ENUM_SUBKEYS		0x00000008
+#define SEC_RIGHTS_NOTIFY		0x00000010
+#define SEC_RIGHTS_CREATE_LINK		0x00000020
+#define SEC_RIGHTS_READ			0x00020019
+#define SEC_RIGHTS_FULL_CONTROL		0x000f003f
+#define SEC_RIGHTS_MAXIMUM_ALLOWED	0x02000000
+/* for ADS */
+#define	SEC_RIGHTS_LIST_CONTENTS	0x4
+#define SEC_RIGHTS_LIST_OBJECT		0x80
+#define	SEC_RIGHTS_READ_ALL_PROP	0x10
+#define	SEC_RIGHTS_READ_PERMS		0x20000
+#define SEC_RIGHTS_WRITE_ALL_VALID	0x8
+#define	SEC_RIGHTS_WRITE_ALL_PROP	0x20     
+#define SEC_RIGHTS_MODIFY_OWNER		0x80000
+#define	SEC_RIGHTS_MODIFY_PERMS		0x40000
+#define	SEC_RIGHTS_CREATE_CHILD		0x1
+#define	SEC_RIGHTS_DELETE_CHILD		0x2
+#define SEC_RIGHTS_DELETE_SUBTREE	0x40
+#define SEC_RIGHTS_DELETE               0x10000 /* advanced/special/object/delete */
+#define SEC_RIGHTS_EXTENDED		0x100 /* change/reset password, receive/send as*/
+#define	SEC_RIGHTS_CHANGE_PASSWD	SEC_RIGHTS_EXTENDED
+#define	SEC_RIGHTS_RESET_PASSWD		SEC_RIGHTS_EXTENDED
+#define SEC_RIGHTS_FULL_CTRL		0xf01ff
+
+#define SEC_ACE_OBJECT_PRESENT           0x00000001 /* thanks for Jim McDonough <jmcd@us.ibm.com> */
+#define SEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002
+
+#define SEC_ACE_FLAG_OBJECT_INHERIT		0x1
+#define SEC_ACE_FLAG_CONTAINER_INHERIT		0x2
 #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT	0x4
-#define SEC_ACE_FLAG_INHERIT_ONLY	0x8
-#define SEC_ACE_FLAG_INHERITED_ACE	0x10 /* New for Windows 2000 */
-#define SEC_ACE_FLAG_VALID_INHERIT	0xf
-#define SEC_ACE_FLAG_SUCCESSFUL_ACCESS	0x40
-#define SEC_ACE_FLAG_FAILED_ACCESS	0x80
+#define SEC_ACE_FLAG_INHERIT_ONLY		0x8
+#define SEC_ACE_FLAG_INHERITED_ACE		0x10 /* New for Windows 2000 */
+#define SEC_ACE_FLAG_VALID_INHERIT		0xf
+#define SEC_ACE_FLAG_SUCCESSFUL_ACCESS		0x40
+#define SEC_ACE_FLAG_FAILED_ACCESS		0x80
+
+#define SEC_ACE_TYPE_ACCESS_ALLOWED		0x0
+#define SEC_ACE_TYPE_ACCESS_DENIED		0x1
+#define SEC_ACE_TYPE_SYSTEM_AUDIT		0x2
+#define SEC_ACE_TYPE_SYSTEM_ALARM		0x3
+#define SEC_ACE_TYPE_ALLOWED_COMPOUND		0x4
+#define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT	0x5
+#define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT     	0x6
+#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT      	0x7
+#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT	0x8
 
 #define SEC_DESC_OWNER_DEFAULTED	0x0001
 #define SEC_DESC_GROUP_DEFAULTED	0x0002
@@ -53,39 +77,40 @@
 #define SEC_DESC_DACL_DEFAULTED		0x0008
 #define SEC_DESC_SACL_PRESENT		0x0010
 #define SEC_DESC_SACL_DEFAULTED		0x0020
+#define SEC_DESC_SELF_RELATIVE		0x8000
 /*
  * New Windows 2000 bits.
  */
-#define SE_DESC_DACL_AUTO_INHERIT_REQ 0x0100
-#define SE_DESC_SACL_AUTO_INHERIT_REQ 0x0200
-#define SE_DESC_DACL_AUTO_INHERITED 0x0400
-#define SE_DESC_SACL_AUTO_INHERITED 0x0800
+#define SE_DESC_DACL_AUTO_INHERIT_REQ	0x0100
+#define SE_DESC_SACL_AUTO_INHERIT_REQ	0x0200
+#define SE_DESC_DACL_AUTO_INHERITED	0x0400
+#define SE_DESC_SACL_AUTO_INHERITED	0x0800
 #define SE_DESC_DACL_PROTECTED		0x1000
 #define SE_DESC_SACL_PROTECTED		0x2000
 
-#define SEC_DESC_SELF_RELATIVE		0x8000
-
 /* security information */
-
-#define OWNER_SECURITY_INFORMATION 0x00000001
-#define GROUP_SECURITY_INFORMATION 0x00000002
-#define DACL_SECURITY_INFORMATION  0x00000004
-#define SACL_SECURITY_INFORMATION  0x00000008
+#define OWNER_SECURITY_INFORMATION	0x00000001
+#define GROUP_SECURITY_INFORMATION	0x00000002
+#define DACL_SECURITY_INFORMATION	0x00000004
+#define SACL_SECURITY_INFORMATION	0x00000008
 
 #define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
 									DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION)
 
-#ifndef _SEC_ACCESS
+/* Globally Unique ID */
+#define  GUID_SIZE 16
+typedef struct guid_info
+{
+	uint8 info[GUID_SIZE];
+} GUID;
+
 /* SEC_ACCESS */
 typedef struct security_info_info
 {
 	uint32 mask;
 
 } SEC_ACCESS;
-#define _SEC_ACCESS
-#endif
 
-#ifndef _SEC_ACE
 /* SEC_ACE */
 typedef struct security_ace_info
 {
@@ -94,11 +119,17 @@ typedef struct security_ace_info
 	uint16 size;
 
 	SEC_ACCESS info;
+
+	/* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
+	uint32  obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
+	GUID    obj_guid;  /* object GUID */
+	GUID    inh_guid;  /* inherited object GUID */		
+        /* eof object stuff */
+
 	DOM_SID trustee;
 
 } SEC_ACE;
-#define _SEC_ACE
-#endif
+#define  SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32))
 
 #ifndef ACL_REVISION
 #define ACL_REVISION 0x3
@@ -119,6 +150,7 @@ typedef struct security_acl_info
 	SEC_ACE *ace;
 
 } SEC_ACL;
+#define  SEC_ACL_HEADER_SIZE (2 * sizeof(uint16) + sizeof(uint32))
 #define _SEC_ACL
 #endif
 
@@ -144,6 +176,7 @@ typedef struct security_descriptor_info
 	DOM_SID *grp_sid;
 
 } SEC_DESC;
+#define  SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32))
 #define _SEC_DESC
 #endif
 
diff --git a/source3/include/smb.h b/source3/include/smb.h
index f2d67b992f..f626394845 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -248,7 +248,6 @@ typedef uint32 WERROR;
 #define MAXSUBAUTHS 15 /* max sub authorities in a SID */
 #endif
 
-#ifndef _DOM_SID
 /**
  * @brief Security Identifier
  *
@@ -268,8 +267,6 @@ typedef struct sid_info
   uint32 sub_auths[MAXSUBAUTHS];  
 
 } DOM_SID;
-#define _DOM_SID
-#endif
 
 /*
  * The complete list of SIDS belonging to this user.
@@ -284,13 +281,10 @@ typedef struct sid_info
 #define PRIMARY_USER_SID_INDEX 0
 #define PRIMARY_GROUP_SID_INDEX 1
 
-#ifndef _NT_USER_TOKEN
 typedef struct _nt_user_token {
 	size_t num_sids;
 	DOM_SID *user_sids;
 } NT_USER_TOKEN;
-#define _NT_USER_TOKEN
-#endif
 
 /*** query a local group, get a list of these: shows who is in that group ***/