r7995: * privileges are local except when they're *not*

  printmig.exe assumes that the LUID of the SeBackupPrivlege
  on the target server matches the LUID of the privilege
  on the local client.  Even though an LUID is never guaranteed
  to be the same across reboots.  How *awful*!  My cat could
  write better code! (more on my cat later....)

* Set the privelege LUID in the global PRIVS[] array

* Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN

* Rename the unknown field in RegCreateKeyEx() to disposition
  (guess according to MSDN)

* Add the capability to define REG_TDB_ONLY for using the reg_db.c
  functions and stress the RegXXX() rpc functions.

13 files changed, 159 insertions, 154 deletions

diff --git a/source/include/privileges.h b/source/include/privileges.h
index 38edee84e81..052cbb6c5fe 100644
--- a/source/include/privileges.h
+++ b/source/include/privileges.h
@@ -82,25 +82,22 @@ extern const SE_PRIV se_restore;
 #define PR_LOG_ON_SERVICE      0x0010
 
 
-#ifndef _BOOL
-typedef int BOOL;
-#define _BOOL       /* So we don't typedef BOOL again in vfs.h */
-#endif
-
-typedef struct LUID
-{
-	uint32 low;
+typedef struct {
 	uint32 high;
+	uint32 low;
 } LUID;
 
-typedef struct LUID_ATTR
-{
+typedef struct {
 	LUID luid;
 	uint32 attr;
 } LUID_ATTR;
 
-typedef struct privilege_set
-{
+#ifndef _BOOL
+typedef int BOOL;
+#define _BOOL       /* So we don't typedef BOOL again in vfs.h */
+#endif
+
+typedef struct {
 	TALLOC_CTX *mem_ctx;
 	BOOL ext_ctx;
 	uint32 count;
@@ -108,10 +105,11 @@ typedef struct privilege_set
 	LUID_ATTR *set;
 } PRIVILEGE_SET;
 
-typedef struct _PRIVS {
+typedef struct {
 	SE_PRIV se_priv;
 	const char *name;
 	const char *description;
+	LUID luid;
 } PRIVS;
 
 #endif /* PRIVILEGES_H */
diff --git a/source/include/rpc_reg.h b/source/include/rpc_reg.h
index 7d6469bc8e9..a35e534952e 100644
--- a/source/include/rpc_reg.h
+++ b/source/include/rpc_reg.h
@@ -34,7 +34,7 @@
 #define REG_OPEN_HKPD		0x03
 #define REG_OPEN_HKU		0x04
 #define REG_CLOSE		0x05
-#define REG_CREATE_KEY		0x06
+#define REG_CREATE_KEY_EX	0x06
 #define REG_DELETE_KEY		0x07
 #define REG_DELETE_VALUE	0x08
 #define REG_ENUM_KEY		0x09
@@ -225,13 +225,13 @@ typedef struct {
 	uint32 ptr3;
 	SEC_DESC_BUF *data;
 	uint32 unknown_2; /* 0x0000 0000 */
-} REG_Q_CREATE_KEY;
+} REG_Q_CREATE_KEY_EX;
 
 typedef struct {
 	POLICY_HND handle;
-	uint32 unknown;
+	uint32 disposition;
 	WERROR status; 
-} REG_R_CREATE_KEY;
+} REG_R_CREATE_KEY_EX;
 
 /***********************************************/
 
diff --git a/source/lib/privileges.c b/source/lib/privileges.c
index ae98d8940ff..30db2fc2bb7 100644
--- a/source/lib/privileges.c
+++ b/source/lib/privileges.c
@@ -25,8 +25,6 @@
 
 #define PRIVPREFIX              "PRIV_"
 
-#define GENERATE_LUID_LOW(x)	(x)+1;
-
 static const SE_PRIV se_priv_all  = SE_ALL_PRIVS;
 static const SE_PRIV se_priv_end  = SE_END;
 
@@ -43,60 +41,65 @@ const SE_PRIV se_restore         = SE_RESTORE;
 
 /********************************************************************
  This is a list of privileges reported by a WIndows 2000 SP4 AD DC
- just for reference purposes:
-
-            SeCreateTokenPrivilege  Create a token object
-     SeAssignPrimaryTokenPrivilege  Replace a process level token
-             SeLockMemoryPrivilege  Lock pages in memory
-          SeIncreaseQuotaPrivilege  Increase quotas
-         SeMachineAccountPrivilege  Add workstations to domain
-                    SeTcbPrivilege  Act as part of the operating system
-               SeSecurityPrivilege  Manage auditing and security log
-          SeTakeOwnershipPrivilege  Take ownership of files or other objects
-             SeLoadDriverPrivilege  Load and unload device drivers
-          SeSystemProfilePrivilege  Profile system performance
-             SeSystemtimePrivilege  Change the system time
-   SeProfileSingleProcessPrivilege  Profile single process
-   SeIncreaseBasePriorityPrivilege  Increase scheduling priority
-         SeCreatePagefilePrivilege  Create a pagefile
-        SeCreatePermanentPrivilege  Create permanent shared objects
-                 SeBackupPrivilege  Back up files and directories
-                SeRestorePrivilege  Restore files and directories
-               SeShutdownPrivilege  Shut down the system
-                  SeDebugPrivilege  Debug programs
-                  SeAuditPrivilege  Generate security audits
-      SeSystemEnvironmentPrivilege  Modify firmware environment values
-           SeChangeNotifyPrivilege  Bypass traverse checking
-         SeRemoteShutdownPrivilege  Force shutdown from a remote system
-                 SeUndockPrivilege  Remove computer from docking station
-              SeSyncAgentPrivilege  Synchronize directory service data
-       SeEnableDelegationPrivilege  Enable computer and user accounts to be trusted for delegation
-           SeManageVolumePrivilege  Perform volume maintenance tasks
-            SeImpersonatePrivilege  Impersonate a client after authentication
-           SeCreateGlobalPrivilege  Create global objects
-
-********************************************************************/
-
-
+ just for reference purposes (and I know the LUID is not guaranteed 
+ across reboots):
+
+            SeCreateTokenPrivilege  Create a token object ( 0x0, 0x2 )
+     SeAssignPrimaryTokenPrivilege  Replace a process level token ( 0x0, 0x3 )
+             SeLockMemoryPrivilege  Lock pages in memory ( 0x0, 0x4 )
+          SeIncreaseQuotaPrivilege  Increase quotas ( 0x0, 0x5 )
+         SeMachineAccountPrivilege  Add workstations to domain ( 0x0, 0x6 )
+                    SeTcbPrivilege  Act as part of the operating system ( 0x0, 0x7 )
+               SeSecurityPrivilege  Manage auditing and security log ( 0x0, 0x8 )
+          SeTakeOwnershipPrivilege  Take ownership of files or other objects ( 0x0, 0x9 )
+             SeLoadDriverPrivilege  Load and unload device drivers ( 0x0, 0xa )
+          SeSystemProfilePrivilege  Profile system performance ( 0x0, 0xb )
+             SeSystemtimePrivilege  Change the system time ( 0x0, 0xc )
+   SeProfileSingleProcessPrivilege  Profile single process ( 0x0, 0xd )
+   SeIncreaseBasePriorityPrivilege  Increase scheduling priority ( 0x0, 0xe )
+         SeCreatePagefilePrivilege  Create a pagefile ( 0x0, 0xf )
+        SeCreatePermanentPrivilege  Create permanent shared objects ( 0x0, 0x10 )
+                 SeBackupPrivilege  Back up files and directories ( 0x0, 0x11 )
+                SeRestorePrivilege  Restore files and directories ( 0x0, 0x12 )
+               SeShutdownPrivilege  Shut down the system ( 0x0, 0x13 )
+                  SeDebugPrivilege  Debug programs ( 0x0, 0x14 )
+                  SeAuditPrivilege  Generate security audits ( 0x0, 0x15 )
+      SeSystemEnvironmentPrivilege  Modify firmware environment values ( 0x0, 0x16 )
+           SeChangeNotifyPrivilege  Bypass traverse checking ( 0x0, 0x17 )
+         SeRemoteShutdownPrivilege  Force shutdown from a remote system ( 0x0, 0x18 )
+                 SeUndockPrivilege  Remove computer from docking station ( 0x0, 0x19 )
+              SeSyncAgentPrivilege  Synchronize directory service data ( 0x0, 0x1a )
+       SeEnableDelegationPrivilege  Enable computer and user accounts to be trusted for delegation ( 0x0, 0x1b )
+           SeManageVolumePrivilege  Perform volume maintenance tasks ( 0x0, 0x1c )
+            SeImpersonatePrivilege  Impersonate a client after authentication ( 0x0, 0x1d )
+           SeCreateGlobalPrivilege  Create global objects ( 0x0, 0x1e )
+
+ ********************************************************************/
+
+/* we have to define the LUID here due to a horrible check by printmig.exe
+   that requires the SeBackupPrivilege match what is in Windows.  So match
+   those that we implement and start Samba privileges at 0x1001 */
+   
 PRIVS privs[] = {
 #if 0	/* usrmgr will display these twice if you include them.  We don't 
 	   use them but we'll keep the bitmasks reserved in privileges.h anyways */
 	   
-	{SE_NETWORK_LOGON,		"SeNetworkLogonRight",			"Access this computer from network"},
-	{SE_INTERACTIVE_LOGON,		"SeInteractiveLogonRight",		"Log on locally"},
-	{SE_BATCH_LOGON,		"SeBatchLogonRight",			"Log on as a batch job"},
-	{SE_SERVICE_LOGON,		"SeServiceLogonRight",			"Log on as a service"},
+	{SE_NETWORK_LOGON,	"SeNetworkLogonRight",		"Access this computer from network", 	   { 0x0, 0x0 }},
+	{SE_INTERACTIVE_LOGON,	"SeInteractiveLogonRight",	"Log on locally", 			   { 0x0, 0x0 }},
+	{SE_BATCH_LOGON,	"SeBatchLogonRight",		"Log on as a batch job",		   { 0x0, 0x0 }},
+	{SE_SERVICE_LOGON,	"SeServiceLogonRight",		"Log on as a service",			   { 0x0, 0x0 }},
 #endif
-	{SE_MACHINE_ACCOUNT,		"SeMachineAccountPrivilege",		"Add machines to domain"},
-	{SE_PRINT_OPERATOR,		"SePrintOperatorPrivilege",		"Manage printers"},
-	{SE_ADD_USERS,			"SeAddUsersPrivilege",			"Add users and groups to the domain"},
-	{SE_REMOTE_SHUTDOWN,		"SeRemoteShutdownPrivilege",		"Force shutdown from a remote system"},
-	{SE_DISK_OPERATOR,		"SeDiskOperatorPrivilege",		"Manage disk shares"},
-        {SE_BACKUP,                     "SeBackupPrivilege",                    "Back up files and directories"},
-        {SE_RESTORE,                    "SeRestorePrivilege",                   "Restore files and directories"},
-	{SE_TAKE_OWNERSHIP,             "SeTakeOwnershipPrivilege",             "Take ownership of files or other objects"},
-
-	{SE_END,			"",					""}
+	{SE_MACHINE_ACCOUNT,	"SeMachineAccountPrivilege",	"Add machines to domain",		   { 0x0, 0x0006 }},
+	{SE_TAKE_OWNERSHIP,     "SeTakeOwnershipPrivilege",     "Take ownership of files or other objects",{ 0x0, 0x0009 }},
+        {SE_BACKUP,             "SeBackupPrivilege",            "Back up files and directories",	   { 0x0, 0x0011 }},
+        {SE_RESTORE,            "SeRestorePrivilege",           "Restore files and directories",	   { 0x0, 0x0012 }},
+	{SE_REMOTE_SHUTDOWN,	"SeRemoteShutdownPrivilege",	"Force shutdown from a remote system",	   { 0x0, 0x0018 }},
+	
+	{SE_PRINT_OPERATOR,	"SePrintOperatorPrivilege",	"Manage printers",			   { 0x0, 0x1001 }},
+	{SE_ADD_USERS,		"SeAddUsersPrivilege",		"Add users and groups to the domain",	   { 0x0, 0x1002 }},
+	{SE_DISK_OPERATOR,	"SeDiskOperatorPrivilege",	"Manage disk shares",			   { 0x0, 0x1003 }},
+
+	{SE_END, "", "", { 0x0, 0x0 }}
 };
 
 typedef struct {
@@ -109,7 +112,6 @@ typedef struct {
 	SID_LIST sids;
 } PRIV_SID_LIST;
 
-
 /***************************************************************************
  copy an SE_PRIV structure
 ****************************************************************************/
@@ -402,7 +404,7 @@ LUID_ATTR get_privilege_luid( SE_PRIV *mask )
 	for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) {
 	
 		if ( se_priv_equal( &privs[i].se_priv, mask ) ) {
-			priv_luid.luid.low = GENERATE_LUID_LOW(i);
+			priv_luid.luid = privs[i].luid;
 			break;
 		}
 	}
@@ -746,17 +748,19 @@ BOOL user_has_any_privilege(NT_USER_TOKEN *token, const SE_PRIV *privilege)
 char* luid_to_privilege_name(const LUID *set)
 {
 	static fstring name;
-	int max = count_all_privileges();
+	int i;
 
 	if (set->high != 0)
 		return NULL;
 
-	if ( set->low > max )
-		return NULL;
-
-	fstrcpy( name, privs[set->low - 1].name );
+	for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) {
+		if ( set->low == privs[i].luid.low ) {
+			fstrcpy( name, privs[set->low - 1].name );
+			return name;
+		}
+	}
 	
-	return name;
+	return NULL;
 }
 
 /*******************************************************************
@@ -792,7 +796,7 @@ BOOL se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask )
 		if ( !is_privilege_assigned(mask, &privs[i].se_priv) )
 			continue;
 		
-		luid.luid.low = GENERATE_LUID_LOW(i);
+		luid.luid = privs[i].luid;
 		
 		if ( !privilege_set_add( set, luid ) )
 			return False;
diff --git a/source/registry/reg_db.c b/source/registry/reg_db.c
index 884949375b4..741bc4127bf 100644
--- a/source/registry/reg_db.c
+++ b/source/registry/reg_db.c
@@ -399,7 +399,7 @@ static int regdb_unpack_values(REGVAL_CTR *values, char *buf, int buflen)
 	int 		len = 0;
 	uint32		type;
 	pstring		valuename;
-	int		size;
+	uint32		size;
 	uint8		*data_p;
 	uint32 		num_values = 0;
 	int 		i;
@@ -413,17 +413,21 @@ static int regdb_unpack_values(REGVAL_CTR *values, char *buf, int buflen)
 	for ( i=0; i<num_values; i++ ) {
 		/* unpack the next regval */
 		
+		type = REG_NONE;
+		size = 0;
+		data_p = NULL;
 		len += tdb_unpack(buf+len, buflen-len, "fdB",
 				  valuename,
 				  &type,
 				  &size,
 				  &data_p);
 				
-		/* add the new value */
-		
-		regval_ctr_addvalue( values, valuename, type, (const char *)data_p, size );
+		/* add the new value. Paranoid protective code -- make sure data_p is valid */
 
-		SAFE_FREE(data_p); /* 'B' option to tdbpack does a malloc() */
+		if ( size && data_p ) {
+			regval_ctr_addvalue( values, valuename, type, (const char *)data_p, size );
+			SAFE_FREE(data_p); /* 'B' option to tdb_unpack does a malloc() */
+		}
 
 		DEBUG(8,("specific: [%s], len: %d\n", valuename, size));
 	}
diff --git a/source/registry/reg_frontend.c b/source/registry/reg_frontend.c
index 440f108cc97..51ad23b4984 100644
--- a/source/registry/reg_frontend.c
+++ b/source/registry/reg_frontend.c
@@ -31,13 +31,16 @@ extern REGISTRY_OPS shares_reg_ops;
 extern REGISTRY_OPS regdb_ops;		/* these are the default */
 
 /* array of REGISTRY_HOOK's which are read into a tree for easy access */
+/* #define REG_TDB_ONLY		1 */
 
 REGISTRY_HOOK reg_hooks[] = {
+#ifndef REG_TDB_ONLY 
   { KEY_PRINTING,    		&printing_ops },
   { KEY_PRINTING_2K, 		&printing_ops },
   { KEY_PRINTING_PORTS, 	&printing_ops },
   { KEY_EVENTLOG,        	&eventlog_ops }, 
   { KEY_SHARES,      		&shares_reg_ops },
+#endif
   { NULL, NULL }
 };
 
diff --git a/source/registry/reg_objects.c b/source/registry/reg_objects.c
index 7ee2cd84141..b3b47ae0e14 100644
--- a/source/registry/reg_objects.c
+++ b/source/registry/reg_objects.c
@@ -94,7 +94,7 @@ int regsubkey_ctr_delkey( REGSUBKEY_CTR *ctr, const char *keyname )
 
 	/* update if we have any keys left */
 	ctr->num_subkeys--;
-	if ( ctr->num_subkeys )
+	if ( i < ctr->num_subkeys )
 		memmove( &ctr->subkeys[i], &ctr->subkeys[i+1], sizeof(char*) * (ctr->num_subkeys-i) );
 	
 	return ctr->num_subkeys;
@@ -232,7 +232,7 @@ uint8* regval_data_p( REGISTRY_VALUE *val )
 /**********************************************************************
  *********************************************************************/
 
-int regval_size( REGISTRY_VALUE *val )
+uint32 regval_size( REGISTRY_VALUE *val )
 {
 	return val->size;
 }
@@ -392,10 +392,10 @@ int regval_ctr_delvalue( REGVAL_CTR *ctr, const char *name )
 	if ( i == ctr->num_values )
 		return ctr->num_values;
 	
-	/* just shift everything down one */
+	/* If 'i' was not the last element, just shift everything down one */
 	ctr->num_values--;
-	if ( ctr->num_values )
-		memmove( ctr->values[i], ctr->values[i+1], sizeof(REGISTRY_VALUE)*(ctr->num_values-i) );
+	if ( i < ctr->num_values )
+		memmove( ctr->values[i], ctr->values[i+1], sizeof(REGISTRY_VALUE*)*(ctr->num_values-i) );
 	
 	return ctr->num_values;
 }
diff --git a/source/registry/reg_printing.c b/source/registry/reg_printing.c
index 30f2d746600..6fedb524d6e 100644
--- a/source/registry/reg_printing.c
+++ b/source/registry/reg_printing.c
@@ -38,7 +38,6 @@ static const char *top_level_keys[MAX_TOP_LEVEL_KEYS] = {
 	"Forms",
 	"Printers" 
 };
-	
 
 /**********************************************************************
  It is safe to assume that every registry path passed into on of 
@@ -832,6 +831,7 @@ static int handle_printing_subpath( char *key, REGSUBKEY_CTR *subkeys, REGVAL_CT
 	return result;
 
 }
+
 /**********************************************************************
  Enumerate registry subkey names given a registry path.  
  Caller is responsible for freeing memory to **subkeys
@@ -840,7 +840,6 @@ static int handle_printing_subpath( char *key, REGSUBKEY_CTR *subkeys, REGVAL_CT
 static int printing_subkey_info( const char *key, REGSUBKEY_CTR *subkey_ctr )
 {
 	char 		*path;
-	BOOL		top_level = False;
 	int		num_subkeys = 0;
 	
 	DEBUG(10,("printing_subkey_info: key=>[%s]\n", key));
@@ -849,25 +848,22 @@ static int printing_subkey_info( const char *key, REGSUBKEY_CTR *subkey_ctr )
 	
 	/* check to see if we are dealing with the top level key */
 	
-	if ( !path )
-		top_level = True;
-		
-	if ( top_level ) {
-		/* check between the two top level keys here */
-		
-		if ( strequal( KEY_PRINTING, key ) ) {
-			regsubkey_ctr_addkey( subkey_ctr, "Environments" );
-			regsubkey_ctr_addkey( subkey_ctr, "Forms" );
-		}
-		else if ( strequal( KEY_PRINTING_2K, key ) ) {
-			regsubkey_ctr_addkey( subkey_ctr, "Printers" );
-		}
-	}
-	else
+	if ( path ) {
 		num_subkeys = handle_printing_subpath( path, subkey_ctr, NULL );
+		SAFE_FREE( path );
+		return num_subkeys;
+	}
 	
-	SAFE_FREE( path );
-	
+	/* handle top level keys here */
+		
+	if ( strequal( KEY_PRINTING, key ) ) {
+		regsubkey_ctr_addkey( subkey_ctr, "Environments" );
+		regsubkey_ctr_addkey( subkey_ctr, "Forms" );
+	}
+	else if ( strequal( KEY_PRINTING_2K, key ) ) {
+		regsubkey_ctr_addkey( subkey_ctr, "Printers" );
+	}
+
 	return num_subkeys;
 }
 
@@ -879,25 +875,22 @@ static int printing_subkey_info( const char *key, REGSUBKEY_CTR *subkey_ctr )
 static int printing_value_info( const char *key, REGVAL_CTR *val )
 {
 	char 		*path;
-	BOOL		top_level = False;
 	int		num_values = 0;
 	
 	DEBUG(10,("printing_value_info: key=>[%s]\n", key));
 	
 	path = trim_reg_path( key );
+		
+	if ( path ) {
+		num_values = handle_printing_subpath( path, NULL, val );
+		SAFE_FREE( path );
+		return num_values;
+	}
 	
-	/* check to see if we are dealing with the top level key */
-	
-	if ( !path )
-		top_level = True;
+	/* top level key */
 	
-	/* fill in values from the getprinterdata_printer_server() */
-	if ( top_level ) {
-		if ( strequal( key, KEY_PRINTING_PORTS ) ) 
-			num_values = fill_ports_values( val );
-	} else
-		num_values = handle_printing_subpath( path, NULL, val );
-		
+	if ( strequal( key, KEY_PRINTING_PORTS ) ) 
+		num_values = fill_ports_values( val );
 	
 	return num_values;
 }
diff --git a/source/rpc_client/cli_reg.c b/source/rpc_client/cli_reg.c
index c3a1aba90de..97ae8b29e7d 100644
--- a/source/rpc_client/cli_reg.c
+++ b/source/rpc_client/cli_reg.c
@@ -438,12 +438,12 @@ WERROR cli_reg_delete_key(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 /****************************************************************************
 do a REG Create Key
 ****************************************************************************/
-WERROR cli_reg_create_key(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+WERROR cli_reg_create_key_ex(struct cli_state *cli, TALLOC_CTX *mem_ctx,
                             POLICY_HND *hnd, char *key_name, char *key_class,
                             uint32 access_desired, POLICY_HND *key)
 {
-	REG_Q_CREATE_KEY in;
-	REG_R_CREATE_KEY out;
+	REG_Q_CREATE_KEY_EX in;
+	REG_R_CREATE_KEY_EX out;
 	prs_struct qbuf, rbuf;
 	SEC_DESC *sec;
 	SEC_DESC_BUF *sec_buf;
@@ -461,13 +461,13 @@ WERROR cli_reg_create_key(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 	if ( !(sec_buf = make_sec_desc_buf(mem_ctx, sec_len, sec)) )
 		return WERR_GENERAL_FAILURE;
 
-	init_reg_q_create_key(&in, hnd, key_name, key_class, access_desired, sec_buf);
+	init_reg_q_create_key_ex(&in, hnd, key_name, key_class, access_desired, sec_buf);
 
-	CLI_DO_RPC( cli, mem_ctx, PI_WINREG, REG_CREATE_KEY, 
+	CLI_DO_RPC( cli, mem_ctx, PI_WINREG, REG_CREATE_KEY_EX, 
 	            in, out, 
 	            qbuf, rbuf,
-	            reg_io_q_create_key,
-	            reg_io_r_create_key, 
+	            reg_io_q_create_key_ex,
+	            reg_io_r_create_key_ex, 
 	            WERR_GENERAL_FAILURE );
 		    
 
diff --git a/source/rpc_parse/parse_reg.c b/source/rpc_parse/parse_reg.c
index 9048f0f58f5..c46eef13003 100644
--- a/source/rpc_parse/parse_reg.c
+++ b/source/rpc_parse/parse_reg.c
@@ -206,7 +206,7 @@ static BOOL reg_io_hdrbuf_sec(uint32 ptr, uint32 *ptr3, BUFHDR *hdr_sec,
  Inits a registry key create request
 ********************************************************************/
 
-void init_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
+void init_reg_q_create_key_ex(REG_Q_CREATE_KEY_EX *q_c, POLICY_HND *hnd,
                            char *name, char *key_class, uint32 access_desired,
                            SEC_DESC_BUF *sec_buf)
 {
@@ -234,13 +234,13 @@ void init_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
 Marshalls a registry key create request
 ********************************************************************/
 
-BOOL reg_io_q_create_key(const char *desc,  REG_Q_CREATE_KEY *q_u,
+BOOL reg_io_q_create_key_ex(const char *desc,  REG_Q_CREATE_KEY_EX *q_u,
                          prs_struct *ps, int depth)
 {
 	if ( !q_u )
 		return False;
 
-	prs_debug(ps, depth, desc, "reg_io_q_create_key");
+	prs_debug(ps, depth, desc, "reg_io_q_create_key_ex");
 	depth++;
 
 	if(!prs_align(ps))
@@ -285,13 +285,13 @@ BOOL reg_io_q_create_key(const char *desc,  REG_Q_CREATE_KEY *q_u,
 Unmarshalls a registry key create response
 ********************************************************************/
 
-BOOL reg_io_r_create_key(const char *desc,  REG_R_CREATE_KEY *r_u,
+BOOL reg_io_r_create_key_ex(const char *desc,  REG_R_CREATE_KEY_EX *r_u,
                          prs_struct *ps, int depth)
 {
 	if ( !r_u )
 		return False;
 
-	prs_debug(ps, depth, desc, "reg_io_r_create_key");
+	prs_debug(ps, depth, desc, "reg_io_r_create_key_ex");
 	depth++;
 
 	if(!prs_align(ps))
@@ -299,7 +299,7 @@ BOOL reg_io_r_create_key(const char *desc,  REG_R_CREATE_KEY *r_u,
 	
 	if(!smb_io_pol_hnd("", &r_u->handle, ps, depth))
 		return False;
-	if(!prs_uint32("unknown", ps, depth, &r_u->unknown))
+	if(!prs_uint32("disposition", ps, depth, &r_u->disposition))
 		return False;
 
 	if(!prs_werror("status", ps, depth, &r_u->status))
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index b724508e0b3..15d420538ef 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -1544,7 +1544,7 @@ NTSTATUS _lsa_lookup_priv_value(pipes_struct *p, LSA_Q_LOOKUP_PRIV_VALUE *q_u, L
 		
 	unistr2_to_ascii(name, &q_u->privname.unistring, sizeof(name));
 	
-	DEBUG(10,("_lsa_priv_get_dispname: name = %s\n", name));
+	DEBUG(10,("_lsa_lookup_priv_value: name = %s\n", name));
 
 	if ( !se_priv_from_name( name, &mask ) )
 		return NT_STATUS_NO_SUCH_PRIVILEGE;
diff --git a/source/rpc_server/srv_reg.c b/source/rpc_server/srv_reg.c
index efff8e67226..871b1a9f121 100644
--- a/source/rpc_server/srv_reg.c
+++ b/source/rpc_server/srv_reg.c
@@ -419,22 +419,22 @@ static BOOL api_reg_save_key(pipes_struct *p)
 /*******************************************************************
  ******************************************************************/
 
-static BOOL api_reg_create_key(pipes_struct *p)
+static BOOL api_reg_create_key_ex(pipes_struct *p)
 {
-	REG_Q_CREATE_KEY q_u;
-	REG_R_CREATE_KEY r_u;
+	REG_Q_CREATE_KEY_EX q_u;
+	REG_R_CREATE_KEY_EX r_u;
 	prs_struct *data = &p->in_data.data;
 	prs_struct *rdata = &p->out_data.rdata;
 
 	ZERO_STRUCT(q_u);
 	ZERO_STRUCT(r_u);
 
-	if(!reg_io_q_create_key("", &q_u, data, 0))
+	if(!reg_io_q_create_key_ex("", &q_u, data, 0))
 		return False;
 		
-	r_u.status = _reg_create_key(p, &q_u, &r_u);
+	r_u.status = _reg_create_key_ex(p, &q_u, &r_u);
 
-	if(!reg_io_r_create_key("", &r_u, rdata, 0))
+	if(!reg_io_r_create_key_ex("", &r_u, rdata, 0))
 		return False;
 
 	return True;
@@ -584,7 +584,7 @@ static struct api_struct api_reg_cmds[] =
       { "REG_GETVERSION"         , REG_GETVERSION         , api_reg_getversion       },
       { "REG_SAVE_KEY"           , REG_SAVE_KEY           , api_reg_save_key         },
       { "REG_RESTORE_KEY"        , REG_RESTORE_KEY        , api_reg_restore_key      },
-      { "REG_CREATE_KEY"         , REG_CREATE_KEY         , api_reg_create_key       },
+      { "REG_CREATE_KEY_EX"      , REG_CREATE_KEY_EX      , api_reg_create_key_ex    },
       { "REG_SET_VALUE"          , REG_SET_VALUE          , api_reg_set_value        },
       { "REG_DELETE_KEY"         , REG_DELETE_KEY         , api_reg_delete_key       },
       { "REG_DELETE_VALUE"       , REG_DELETE_VALUE       , api_reg_delete_value     },
diff --git a/source/rpc_server/srv_reg_nt.c b/source/rpc_server/srv_reg_nt.c
index 158888967b3..7170c0a3011 100644
--- a/source/rpc_server/srv_reg_nt.c
+++ b/source/rpc_server/srv_reg_nt.c
@@ -30,17 +30,10 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
 
-#define REGSTR_PRODUCTTYPE		"ProductType"
-#define REG_PT_WINNT			"WinNT"
-#define REG_PT_LANMANNT			"LanmanNT"
-#define REG_PT_SERVERNT			"ServerNT"
-
 #define OUR_HANDLE(hnd) (((hnd)==NULL)?"NULL":(IVAL((hnd)->data5,4)==(uint32)sys_getpid()?"OURS":"OTHER")), \
 ((unsigned int)IVAL((hnd)->data5,4)),((unsigned int)sys_getpid())
 
 
-/* no idea if this is correct, just use the file access bits for now */
-
 static struct generic_mapping reg_generic_map = { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
 
 /********************************************************************
@@ -266,9 +259,7 @@ static BOOL get_subkey_information( REGISTRY_KEY *key, uint32 *maxnum, uint32 *m
 }
 
 /********************************************************************
- retrieve information about the values.  We don't store values 
- here.  The registry tdb is intended to be a frontend to oether 
- Samba tdb's (such as ntdrivers.tdb).
+ retrieve information about the values.  
  *******************************************************************/
  
 static BOOL get_value_information( REGISTRY_KEY *key, uint32 *maxnum, 
@@ -294,7 +285,7 @@ static BOOL get_value_information( REGISTRY_KEY *key, uint32 *maxnum,
 	
 	for ( i=0; i<num_values && val; i++ ) 
 	{
-		lenmax  = MAX(lenmax,  strlen(val->valuename)+1 );
+		lenmax  = MAX(lenmax,  val->valuename ? strlen(val->valuename)+1 : 0 );
 		sizemax = MAX(sizemax, val->size );
 		
 		val = regval_ctr_specific_value( &values, i );
@@ -1106,7 +1097,7 @@ WERROR _reg_save_key(pipes_struct *p, REG_Q_SAVE_KEY  *q_u, REG_R_SAVE_KEY *r_u)
 /*******************************************************************
  ********************************************************************/
 
-WERROR _reg_create_key(pipes_struct *p, REG_Q_CREATE_KEY  *q_u, REG_R_CREATE_KEY *r_u)
+WERROR _reg_create_key_ex(pipes_struct *p, REG_Q_CREATE_KEY_EX *q_u, REG_R_CREATE_KEY_EX *r_u)
 {
 	REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->handle);
 	REGISTRY_KEY *newparent;
@@ -1223,6 +1214,12 @@ WERROR _reg_set_value(pipes_struct *p, REG_Q_SET_VALUE  *q_u, REG_R_SET_VALUE *r
 		
 	rpcstr_pull( valuename, q_u->name.string->buffer, sizeof(valuename), q_u->name.string->uni_str_len*2, 0 );
 
+	/* verify the name */
+
+	if ( !*valuename )
+		return WERR_INVALID_PARAM;
+
+	DEBUG(8,("_reg_set_value: Setting value for [%s:%s]\n", key->name, valuename));
 		
 	regval_ctr_init( &values );
 	
@@ -1357,6 +1354,11 @@ WERROR _reg_delete_value(pipes_struct *p, REG_Q_DELETE_VALUE  *q_u, REG_R_DELETE
 
 	rpcstr_pull( valuename, q_u->name.string->buffer, sizeof(valuename), q_u->name.string->uni_str_len*2, 0 );
 
+	if ( !*valuename )
+		return WERR_INVALID_PARAM;
+
+	DEBUG(8,("_reg_delete_value: Setting value for [%s:%s]\n", key->name, valuename));
+
 	regval_ctr_init( &values );
 	
 	/* lookup the current values and add the new one */
diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c
index e05bfa1eaa4..12e8e2bd414 100644
--- a/source/rpc_server/srv_spoolss_nt.c
+++ b/source/rpc_server/srv_spoolss_nt.c
@@ -2211,7 +2211,8 @@ static WERROR get_printer_dataex( TALLOC_CTX *ctx, NT_PRINTER_INFO_LEVEL *printe
 				  uint32 *needed, uint32 in_size  )
 {
 	REGISTRY_VALUE 		*val;
-	int			size, data_len;
+	uint32			size;
+	int			data_len;
 	
 	if ( !(val = get_printer_data( printer->info_2, key, value)) )
 		return WERR_BADFILE;
@@ -8030,7 +8031,7 @@ WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S
 			result = WERR_NOMEM;
 			goto done;
 		}
-		data_len = (size_t)regval_size(val);
+		data_len = regval_size(val);
 		memcpy( *data_out, regval_data_p(val), data_len );
 		*out_data_len = data_len;
 	}
@@ -9250,7 +9251,7 @@ WERROR _spoolss_enumprinterdataex(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATAEX *q_
 	int		i;
 	REGISTRY_VALUE	*val;
 	char		*value_name;
-	int		data_len;
+	uint32		data_len;
 	
 
 	DEBUG(4,("_spoolss_enumprinterdataex\n"));